Slashdot Mirror
Worst Ever Security Flaw in Diebold Voting Machine
WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."
Nothing for you to see here. Please move along
That's exactly what Diebold wants you to think...
You'd think in this day and age we'd have some idea of how to create a secure voting system. Unfortunately it doesn't seem like much of a concern to the politicians. They assume computers are more secure than paper because they don't understand them. Nevermind all the computer scientists warning about the pitfalls of electronic voting. Let's just trust this Diebold sales guy over here! We know he's telling the truth because of the billion dollar contract!
Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.
I attribute most of these errors to poor design, not anything intentional. Personally I like the old fashioned lever machines my district uses. It is very hard to hack those, I hear. Unlike computers and paper cards, you never hear bad things spoken about lever voting machines.
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
Electronic voting machines with no paper trail are an insult to democracy. That they come with switches to bypass even the dubious "safeguards" provided is hardly a surprise.
My blog
There was a story some time back about a button on the front that did exactly the same thing.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
a Diebold AccuVote...
At least their marketing department has a sense of humor.
Developers: We can use your help.
When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.
You better watch out, there may be dogs about . .
Thank you, thank you! I'll be here all week. Try the veal!
There are many good reasons to switch to American Idol call-in voting.
1. They still have the electoral college, so it's not like a spam vote will elect the "wrong" candidate.
2. Since the NSA monitors all phone calls, they could track cheaters really easily, compared with this mess we have now.
3. Way more voter participation, you don't have to go anywhere, you just call in with your social or something, etc.
stuff |
is if a Libertarian or Green Party candidate wins....
Taking guns away from the 99% gives the 1% 100% of the power.
Headline sounded like this should be the new slashdot poll. I'll go with Cowboy Neal.
Sig cannot be found.
how will that ever happen WITH these flaws already in place? Diebold machines have been used numerous times already...
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
This is Diebold. Mirror early, mirror often. They love to sue critics like these. Wget may be the only way to save history.
Any company with devotion to a fair and secure voting system would not make such an obvious oversight. If it was in fact an oversight, it shows that Diebold is far too incompetent to be creating voting machines. You would also think that a company in charge of something so important wouldn't show blatant partisanship either. Why are they still employed?
Similes are like metaphors
About the only way a Libertarian, Green Party, or even Democratic candiate will win will be if they ever fix these things!
Jeremy
I thought the biggest flaw was their certification by states for use in actual elections.
--
make install -not war
I wonder if their ATMs have similar "features"? Might be worth investigating and posting results to the net. Strictly for research purposes, of course.
*WINK* *WINK*
The AcuuVote machines are what they are, not due to poor design or unintentional mistake. They are the result of a deliberate intent to enable fraud on a massive scale. Viewed from this perspective, the AccuVote design is very good. The real problem comes when Diebold realizes that it needs to become better at obfuscation and makes it harder to detect the fraud.
Sorry, I have never seen the point of these machines. Paper ballots are auditable, user friendly, and if electronics is put into the reporting system, can be counted in a few minutes and submitted. Voting machine are a perfect example of a technology fetish at work. It would make an interesting case study to examine the economic and sociological reasones why we sometimes buy technology that we don't need, don't want and further, serves no useful purpose.
Has anyone answered the question regarding need for automated vote counting in a satisfactory way?
Seems to me that manual counting of votes would be vastly more secure as it would take a huge conspiracy to affect the result either way.
Counting a hundered million votes is hard, counting a thousand votes in a hundered thousand locations is easy.
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
This article is a little high on the hype. The general rule is that if you have physical access to any computer system you can compromize its security.
Don't you think that a flaw that would allow people to vote multiple times or a flaw in the security by which the voting machine uploads results to the central server or flaws in the central server itself are worse than this.
Gee, we have physical access to the guts of a machine and we can do things to it. I'm not terribly impressed.
Maybe if they put half of the effort into auditing voting machines as they do slot machines this wouldn't be problem that it is.
> is if a Libertarian or Green Party candidate wins....
Perhaps if it was rigged so that "Mickey Mouse" wins, someone would see the light.
I don't see how this is the "biggest security flaw ever discovered. Any system will have some method of flashing new code if you have access to the hardware, and while this makes it a little easier, it is not as big of a deal as they make it out to be. After you verify that the system has the correct (independently audited) code loaded into it, you put a tamper-proof sticker on the case, and call it good.
This is nowhere near as bad as the bugs that allowed exploits though the normal user interface, or the fact that the way the votes are stored allows easy tampering by election officials, or the fact that there is no way to recount or verify that the recorded votes are correct.
This is something that can be improved upon, but it isn't a fatal flaw and certainly not one of the main reasons that Diebold machines should be banned.
Not to pick nits here, but whether or not a voting machine is trustworthy is a boolean variable. Either it's trustworthy, or it is not (and therefore worthless).
As far as I'm concerned, every election using any machine found to be compromisable should be invalidated, and a paper ballot revote should be held.
If you don't trust $[POLITICALPARTY] with your democracy, why should you trust the men behind the curtain?
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Isn't this the same Diebold that has spent many years making ATM machines for banks that handle CASH transactions? Do their ATM machines have these same vulnerabilities and flaws? Shouldn't they be experts in securing machines for any sort of electronic transactions that require security, tracking and auditing, after being in the ATM business for so long?
more aggressive on this issue.
Electronic Voting machines are not a trustworthy technology. They can be made reasonably trustworthy, but only with significant and constant public involvement and oversight. The core element to this happens to be our requirement of anonyminity for our votes. Being unable to link votes to voters means we must then capture the actual votes themselves if we are to be sure the election is just and true.
Roughly 80 percent of Americans will be using these machines in the coming elections. That should scare the tar out of every one of you, regardless of your political bent.
In 2004, this number was about 30 percent and the problems were so great, we really have no assurance our election results actually reflect the will of the American people, whatever that may be.
Think of it this way. Let's say I'm the voting machine counting votes. You tell me what your vote is, and I update my mental count. Can you see that I updated the count correctly? I could report your vote back to you correctly, yet still maintain a different internal count. There is no way to really know is there? That's the problem we face with electronic votes.
The votes are encoded into states stored on devices nobody can directly observe, other than via the proxy of other electronic technology. Essentially, we are voting by proxy when we vote electronically. Without an accounting in the form of a serial voter-verified paper record, or the use of vote storage that is both human and machine readable, we cannot oversee the election results in a manner that brings confidence to the whole affair.
These machines are general purpose computers for the most part. We all know how easily these things are tinkered with because it's what most of us do! Biggest problems are:
-no direct accountability on elections officials to actually hold a just and true election. Technology can and will be blamed for problems, leaving these folks off the hook for failed / unjust elections. Not good. Where the incentive for corruption and manupulation exists, you can bet it's happening. There is too much at stake for it to be otherwise.
-poor understanding of the core technology differences between paper voting and electronic voting. I summarized it above and have a longer, easy to understand, paper here. Mail it to your legislators along with a request for their position on the matter. If you do the mailing, please also do the request. That forces a response, which helps increase the overall perception of the importance of the issue. http://www.opednews.com/dingusDoug_112604_electron ic_voting.htm
Said poor understanding extends to all of us really, legislators and citizens alike. Too many people consider electronic data processing systems as being better than they actually are. Consider this: If they are so infallable, why do ATM machines deliver receipts? Also, be careful about ATM comparisons. The primary difference between an ATM machine and an electronic voting machine lies in the anonymous nature of voting. ATM transactions are keyed to people, electronic voting records are not --thus the need for a voter-verified paper trail.
What do we need to ask for?
Voter verified paper trails that are human readable, serial in nature and easily handled / processed for recounts. Flimsy, thermal rolls that can discolor from improper storage and or handling won't cut it.
Audits at the precinct level. These can catch abnormalities easily and quickly before too much damage is done. Use the paper record to verify issues and act accordingly.
Strong exit polling. Notice how that is being downplayed now? The reason is simple. In 2004, the exit polls did not jive with the voting records, yet we have been exit polling for a good long time. The differences did not appear in this way until the advent of the electronic machines.
Legislation that reinfo
Blogging because I can...
This really makes me wonder about the shiny new Diebold ATMs being istalled by banks all over Canada. Then again, perhaps banks actually give a damn about security.
Three Squirrels
After all, they do make ATM's and security systems. As far as I know, the ATM's are quite secure, as should be the case with the security systems. This kind of fuckup from a company with a reputation for security is a sure sign of foul play.
The government being of, for, and by the people, each ballot cast in a public election for federal office shall produce a physical ballot able to be read and counted by a human unaided by electronic computer.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
Not so sure about that. Here in Maryland, our (Republican) governor budgeted $20,000,000 to allow us to use paper ballots instead of the Diebold crap -- and he was shot down by our State Senate (democrat)and prinicpally by our State Administrator of Elections, who claimed that going back to old-style ballots would "stifle development."
I'm sure you can find the parties flip-flopped in other states. The point is that if a) people actually gave a shit and b) people really understood the issue instead of blindly assuming "computer = good, paper = bad," any cronyist jackass who supported Diebold would get booted stratight out of office next election -- assuming their evil scheme hadn't yet been implemented. ;-)
Even if diebold took out all of the headers to put a different ROM in there, and make damn sure you couldn't connect to it externally, there are still many attack vectors.
* From the article:
So... you can connect an external eeprom that runs your own code within a few minutes. Fromt he above statement, the diebold protocol is pretty hard to crack, and writing your own firmware or such a board is verging on impossible.
Even if it were possible to write your own firmware, you would have the ability to flash the onboard eeprom just as quickly, or even do A quick solder job on the onboard chip, replacing it with your own. I know this is a little harder, and more likely to get get caught out with, but given the possibility of writing a working firmware, it's in a similar scope of difficulty.
Considering you can desolder a 16 pin EEPROM within seconds, or just as easily hijack it's communication interface (probably just I2C) it's not unreasonable that there are going to be lots of flaws in this system. If one were determined enough, you could hack the machines to high heaven, with the further possibility of no forensic traces.
There are other fundamental problems with this argument too, like what happens with the data logging internally whilst running off the eeprom. You would have very accurate firmware to get anything like a good result.
Also I would imagine these machines have internal software auditing to make sure that an reboot/reload of application code is registered. Cryto signatures etc.
There will be no way to make these things so secure that "Open Voting Foundation" will be entirely happy. They would be out of jobs that way.
Signature v3.0, now with 42% less memory usage.
..was discovered awhile back.
Turning it on.
That's it. That's all you have to do.
Maybe it's just me, but I think the issue here is more about physical security (chain of custody, etc...) than anything else. I have a hard time believing that anyone would or could simply walk into a voting booth, crack this puppy open, and reboot the machine without anyone knowing about it.
I'm not fat, just big boned...
I do not understand the commotion. Every voting system depends on the honesty of the participants and those who guard the procedures. Therefor electronic voting systems will never be more secure, only more efficient (for good and for bad).
Tancque
Smoke me a kipper, I'll be back for breakfast!
Given taxi meters and electricity meters both have tamper seals, you would have thought that these would have visible tamper seals as well. If in doubt you could even have two tamper seals: one from Diebold and another from the voting commission, in order to ensure that both parties are satisfied with the state of the machine.
Jumpstart the tartan drive.
Partisanship, you say? On the part of whom? It's a large country with both red & blue states (and counties, and townships). These devices are used in both. For every example of "Party A" [potential|real] corruption, I could find the same for "Party B".
Never attribute to malice that which can be adequately explained by stupidity.
Besides, look at the level of access that the article's photographers had to the unit. Give the same amount of access to *any* other voting style (even pull-lever) and it could be hacked.
Don't blame me, I voted for Kodos.
Time to sue the Open Voting Foundation out of existence! Nasty, bad reverse-engineers!
It actually a bit of a paradox. By implementing better obfuscation, the code becomes unreadable, and therefore cannot be certified as being accurate.
Maybe the solution is to take it to a higher level and reinvent the wheel, so to speak.
Design it from the ground up. Special use processors, memory, OS, communications protocols. Redesign everything from scratch. Make it completely unique.
If it doesn't run code that works on ANY other platform, then no one outside the company can write code for it. (Unless there's a leak, and then the redesign process begins again.)
Oh, and I have read that quote many times before. Some rich guy telling his buddies that he wants to help his party is different from vote rigging. Think about it; would you have made that statement if you were trying to commit fraud? If I had his job and were trying to defraud voters I would have donated $2000 (maximum donation) to Kerry and joined MoveOn.org. When you read this, remember the GP. I do not think electronic voting is the best option but I do not believe that there is a massive conspiracy out there to get us.
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
Paper beats rock!
It makes it much easier to fix the votes.
For all the whining, teeth-gnashing and guffaws that Florida had to endure in 2004, there was one thing about the recount that shows the reason why paper ballots or a verifiable paper trail are superior to electronic means: you still have a physical record to check against.
Regardless of the intent or incompetence of Diebold and others to throw elections, if there is a paper trail of some sort one can always go back and physically look at the votes that were cast. Compare that to an electronic method in which one has to hope, even after testing, that the machines are correctly recording ones intended vote.
As a side note, after all the flubs, mistakes, oversights and investigations into Diebold machines, it's amazing that they are even allowed to participate in making voting machines.
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
But I've never really seen it answered...
Why does the US favour voting machines?
In Britain we are given a piece of paper with a list of candidates, and we put a cross by the one we want to vote for. There's a paper trail, and the votes are usually counted up and available that night. By the following morning there's usually a only a few places left to declare, but the overall results are known. Recounts happen fairly swiftly, and the candidates seem to be happy with the accuracy of the system, if not the outcome. If there are any serious problems with this method I've never heard them mentioned. So, what are the flaws in this method that means that the US must use machines?
Diebold simply implemented the evil bit.
I'm sick of people voting 10 times along with all of their dead relatives. Require a picture ID. If you aren't responsible enough to bring an ID you aren't responsible enough to vote.
20 Amazing Facts About Voting in the USA
Everyone who says that Diebold is too incompetent to create a secure voting maschine is following the wrong trail.
I have designed a Direct Recording Mechanical vote recording, anonymising and counting machine. It uses no electronics. It can be scrutinised right up until it is required for an election. You can see your vote going through.
The machine is based around mechanical, add-only tally counters. A column of these are mounted in a transparent polycarbonate housing, one for each candidate and an extra counter for total votes. The candidate counters are surrounded by etched plastic which transmits light but prevents anyone seeing exactly what is behind it. Over each counter except the total counter is a shutter, and a large button. Depressing the button retracts the shutter. If the button is released it will return partway, but the shutter will remain retracted and all the other buttons are now locked: the only way to clear the machine is to depress the button fully. This will advance the adjacent counter and, by means of a slotted bar linkage (which is visible through the clear polycarbonate), also advance the total votes counter. After this, the machine must be primed for another vote by the Presiding Officer: this would probably be done remotely by means of a Bowden cable.
These machines could be made available for scrutiny almost right up to the election. Anyone can observe that the system allows only one vote per priming operation, that the candidate and total vote counters advance together, and that no other counters are advanced. (For this operation, the shutter mechanism can be modified by removing the actual shutter from the moveable supports; thus allowing full observation of all counters. In an election situation we do not really want to give away the number of votes for each candidate so far, so all but the one being voted for are obscured. The etched plastic nonetheless would allow one to see the counter changing even if one could not see what it changed from or to.) At the opening of polling, the numbers on each of the counters are recorded, signed by witnesses, sealed in an envelope and attached to the machine. At the close of polling, all shutters are retracted to read the figures. The original figures are subtracted from the new figures to give the numbers of votes, which can be checked against the total.
Note there is no possibility of post-election verification; since anonymisation, recording and counting are done in one operation. This also obviates any need for post-election verification, since one can be satisfied from having examined the machine before an election that it functions as intended and only as intended. A number of people working in concert might be able to discern an approximate result, but this IMHO is much less insecure than e.g. issuing voters with a record of their vote.
Je fume. Tu fumes. Nous fûmes!
I think Chuck Norris should be the next president. Lemme switch this jumper and viola...all hail Chuck Norris. I hear that under Chuck's beard isn't really a chin, its a third fist. That may be useful for the war in Iraq.
Click Click Bloody Click PANCAKES!
I am a computing professional with a background in Computer Forensics and Incident Response. I took a consulting position (specifically a county technician job) with Diebold specifically so I could see what all the hubbub was about with the voting machines.
I went through the entire voting process, from the hardware testing, to the development of the ballots, to the actual election and the tallying of ballots. I can say without a question in my mind that the TSx voting machine and the associated software (assuming the machine is equipped with the voter verifiable printer) is no more susceptable to voter fraud than hand counted paper ballots.
Please keep in mind that I owe nothing to Diebold, have no interest in Diebold, and specifically took this job thinking that I would find gigantic gaping holes in thier product. While the design of the hardware and software leave much to be desired, for someone to assert that commiting large scale voter fraud with this system is easier than with hand counted paper ballots is patently ridiculous in my mind having worked with the hardware and software during an actual election.
The big problem that everyone seems to overlook is that EVERY voting system is inherently operated by humans and is therefore subject to error. My experience during the voting process is that the single most important piece of the "secure election" puzzle isn't the equipment that is used but the processes that are followed and the reasonable inclusion of public scrutiny to the process.
In the case of a hand counted paper ballot, all that is neccesary to commit fraud is a switch of the actual ballots prior to the tally. With the TSx machine (with the attached printer) the audit log of the election (including timestamps and actual votes cast) is present in 3 locations (the actual voting machine, the memory card, and the written record). In order to withstand an audit, all three of these items must be altered to perfectly match the result whereas with paper ballots there is only one record that must be altered.
While it's obviously true that the machines could be programmed in advance to fix an election, keep in mind that voter registration is a completely different process from the actual vote tallying, and that voter turnout is still done by hand. In order for the electronic record to be altered, it would have to be done in such a way as to mirror the actual voter turnout PER POLLING LOCATION, a number which is independant of the voting machines and in any jurisdiction of consequence this number would be effectively impossible to predict. In the case of hand count you need only have a total number of ballots cast as there is no tracking of the votes per polling location whereas with the voting machines this record is kept in each machine.
The bottom line is that the place we need to be concentrating our efforts for voter reform is on the process rather than the specific technologies used to tally votes. The real problem is polling workers being sent home with voting machines. The real problem is no public oversight of the tallying of votes. The technology used is effectively irrelevant unless there is massive voter oversight allowed at every phase of the process, and we must not let our concern over the vulnerabilites of the technology get in the way of the demand for oversight.
In the county that I supported, each machine was kept under lock and key, with a publically accessable camera trained on them at all times. At no time was a single individual allowed access to the machines, including during the travel time to each polling place. When the polls closed, each machine was brought back (again by a team of two) and the actual tallying was done in a room with seating for the general public and a webcam that allowed the public to watch every single part of the process. This is the type of thing we should be advocating.
I will agree that the early technologies used were inadequate to protect our rights, but the voting machine technology has advanced to the p
---
All this has been addressed by the suppliers of Las Vegas casino slot machines. Why not just use them to build the machines?
E Proelio Veritas.
"Perhaps if it was rigged so that "Mickey Mouse" wins, someone would see the light."
Why the hell would Mickey Mouse win an allection?
He is much better with his representative Walt Disney Corp *already* being president!
The name "Diebold"... sounds a bit like... "diabolical", "Diabolus", "diabolism".
I was going to put in an obvious voting-machines-put-GW-back-in-office-as-major-sec urity-flaw joke here, but I've since decided, to avoid political fire, to put the question of weather or not to post this joke up for vote. Trust me on this, though: the yeas have it.
--- What?
Cool, I can't wait for the first Linux distro that comes out booting on that! Just as useful as Linux on my iPod, Linux on my toaster and Linux on my peanut butter and jelly sandwich.
So we have a presidential election with the non-choice between 2 major duds. We end up with a near evenly split electorate that would be challenge to ANY system of voting. Cries of disenfranchisement and stolen elections leads to the Help America Vote ACT which dangles a bunch of federal money and a fast-track deadline in front of a bunch of localities. Local politicians love political and real capital so they jump on the plan. Our flawed, but tried and trusted clunky lever boxes and punch cards are replaced. I suspect some localities made okay decisions, given the short time period, most are going backwards. I suspect history will show that the problems HAVA was designed to fix were made worse. And top-down federal approaches with carrot and stick bags of money lead to expedient changes, not necessarily good changes.
So, all the poll workers need to do is open the box and flip a switch and the pack it all up again... sounds easy.
But wait. All the poll workers I've ever seen could hardly find the sheet of paper with my name on it. In fact, most poll workers and pretty damn clueless when it comes to technology. They may know how to stuff the ballot box, but taking apart a machine and putting it back together again seems a little beyond the nominal capability or your average poll worker.
Paranoid people...just paranoid.
I agree that more secure voting machines are needed.
But at some point, we simply have to rely on the best method of all to prevent fraud (and all crime): the law. Existing, paper-based voting can be tampered with as well. Does somebody actually follow the truck carrying the ballots to make sure they are not "swapped" en-route to the collection centers? There is all kinds of fraud that can occur with paper-based voting.
Tampering with voting is highly illegal. If you get caught, you go to jail. Sure, we don't want to leave the front-doors unlocked to our homes, but I'm also not going to go overboard making my home impossible to break into.
Don't worry, the poor disenfranchised can get a tax CREDIT!
The money they get from the rest of us will help "pay" for the election.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Here's a simple idea for a manipulation-resistant paper trail for electronic voting machines: Have multiple printers. When a voter uses the machine, the machine picks one of several (3+, 4 is probably best) printers to print the vote tally on. You could even have a light go on on the printer in use so the voter can verify the information. This would be resistant to the potential problem where voters are retaliated against, since unless someone were monitoring the voting directly it would be difficult to determine who made which particular vote.
You must never be impressed. How can we have a secure election if nobody can physically access the machines? If thats not what you want, we will never have a secure election. I can accept that, but what I can't accept is a private corporation exerting its influence on the election process by directly affecting the machines that count our votes.
This is "impressive" because it shows either incompetence or bad intent. Sure physical access can mean compromising a computer, but that doesn't mean you have to make it EASY or efficient for your corporation to defraud elections.
"how can they call it a MINE if everything here is THEIRS?!?!" -Straight Jacket
Anyone working even tangentially in computer security knows that, if the means exists to hack a system, even or especially if it is tremendously obscure and/or complex, it will be discovered and used. When we're lucky, it's first discovered and used by someone just doing it for fun, who leaves their Kilroy Was Here on our systems, and we do forensics, find the entry point, and fix it before the truly malicious show up. If we're unlucky, we've just had our career toasted and lost our employers $millions.
What's brilliant about Diebold's engineering is that there's no challenge. Nothing obscure or complex is required to hack the systems, so those seeking a serious challenge will just go elsewhere. This makes them honeypots for the truly malicious, who after identification can then be recruited into the NSA, to help on important projects like monitoring communications. Elections? They're obsolete anyhow because most of the electorate is so seriously disinformed, and most of the candidates working so hard to appeal to the disinformed, that the votes altered by hacking don't measurably affect the outcome in any way that seriously matters to those who control our media corporations, our "think" tanks, and the dittoheads of America.
Future historians will say, "While they were working hard to 'save' their elections, their brains were stolen, and the battle was lost anyway."
"with their freedom lost all virtue lose" - Milton
This shouldn't be news to Americans. If you've paid attention to the antics in the last 3 election cycles and the discrepancies between exit polling and actual results, you'd know what's going on. Same thing just happened in Mexico. Expect it to happen here in November. Democrats leading in races by 5% or so, then a miraculous Republican turnout (contradicted by all polls) will maintain their majority. Anyone who protests the results or points out election day shennanigans will be ostracized by the "liberal" media as a whiney sore loser. Welcome to Oceania.
I swear to God...I swear to God! That is NOT how you treat your human!
Nobody cares what the final count is in December in Washington D.C.
It's a media event, and media events needs things to happen. They need the numbers as quickly as possible to retain the viewership for the evening. Plus, realistically, you need to be able to have the day's voting results before midnight, and preferrably before the 11 o'clock news goes on the air.
Urgency of the voting results is totally independent of the intent of the voting process (electing representatives and leaders). We could all put paper ballots in a box and ship them to DC and then wait for the end of the year. No big deal.
Alternatively, we could just replace all the representatives on the first Wednesday in November.
Is it just my observation, or are there way too many stupid people in the world?
Perhaps you were asleep for a couple of months in 2000. The manual votes were extremely dubious. There were many different ways for a vote to be vague (partially punched, incompletely filled in) and the paper ballots don't have any "Are you absolutely sure you meant to vote for Pat Buchanan?" feature.
It sounds like we've swapped one evil for another. I think that most slashdotters would agree that we made a lousy trade. The manual ballots led to a few problems (some of which could be fixed simply by better standards of ballot design), and in a very close election the failures were enough to swing the election. The electronic ones, however, are prone to massive undetectable fraud, and I think most people would say that's worse.
But don't go pining for the good old days of manual ballots without remembering that it was manual ballots that got us our current President in the first place.
Designing a trustworthy system, with trustworthy being justly trusted by ordinary people, is very difficult. The whole voting by proxy thing is what throws a wrench into what would otherwise be a dead simple task. The requirement for anonyminity is another biggie too.
Unless said e-voting system personally identifies the votes, it's going to be untrustworthy because of how the technology impacts the democratic process. People are fallable and corrupt by nature. That's why elections should be public! The more eyes the better, because conflicting agendas tend to cancel out. Would not be a bad idea for us, as a nation, to reaffirm the value of our democracy while we are at it too.
Blogging because I can...
Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)
You better watch out, there may be dogs about . .
You're assuming a few things. First off, you're assuming that no one but diebold has access to these specifications. While it is mostly correct, I can garuntee that these specifications are listed somewhere in some government classified file... a file that only those with access to CIA, NSA, or (what have you) can view. Namely, members of the executive branch... While you may trust your government to do what is right, I do not. Not this administration, anyway. And seeing as they not only own the machines, they operate and distribute them, I am not going to be surprised if it leaks that they also reverse engineered or tampered with them.
The fact is, someone, somewhere knows how these machines work alreay. Do you trust this person that you do not know? Or perhaps an entire team knows... do you trust this team? Do you even know who this team is? What about those with access to the machine? Do you trust them? Somewhere there's a decommissioned unit or prototype lying around, and somewhere there's someone who has messed with it. I feel this to be an almost certainty.
So now we're in a situation where the information is available to many anonymous people. To be honest, that didn't bother me... I knew that from the begining. What DOES bother me, however, is that these anonymous people now have an immense amount of power because they can *do something about it*. Before this article, I was under the assumption that even if they have access to the machines, they couldn't easily change the information on all of them. Now it becomes clear that someone can change the information on them easily and efficiently. This disturbs me, and it should disturb you as well.
Finder of the any key.
It won't be long before someone finds a while to build a targeted virus for these machines that changes the counters on that machine and all other machines it can reach on the network. And I won't be surprised when it's as simple as inserting one of those cards in the front of the machine and is done while the hacker is given privacy to cast their vote. The only question is if someone is good enough to do that, will we be good enough to find out, especially if the virus/worm is only memory resident so there aren't any traces.
If they're incompetant, then how do they make their ATMs, which are actually good?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The truth is I'd rather have Hackers run the Government than the current set of politicians. So here's to security flaws and back doors.
Some states are moving to require this. They are being blocked by people claiming that older/impoverished people will be disenfranchised because they will have to have birth certificates and prove who they are to get a "free" voter ID if they do not have a standard ID like a driver's license.
Read more here at NPR with Audio
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
...and the lack thereof is what really sickens me.
You can't ever trust a computer, no matter what, ESPECIALLY in such an important thing as a governmental election. We *need* checks and balances.
1) Vote with electronic voting machines.
2) Receive a paper reciept with a 'checksum' of sorts that add up to your specific votes (this is the only pitfall right now, since obviously printing a paper reciept is WAY too complex to code by Diebold programmers)
3) Submit your checksum to any number of third party, independent voting "Check & Balance" websites. These sites can independently tally votes from citizens in each voting district, and if descrepencies occur between the official count and any number of these sites, secondary validation routines/alerts can occur.
Why would this be such a hard solution? I'm sure any number of you can code a simple database/website that tallies citizens' votes. I'll do the hosting for free.
Let's open source this muther f*cker, whether they like it or not!
It is pitch black. You are likely to be eaten by a grue.
Now, is there a single convincing reason why the simplest, most secure and easily verifiable system - paper ballots - aren't used? Why all the machines? Lever, butterfly ballots, electronic... What problem is it that these systems are meant to solve?
I suspect it is a combination of "We want some result in an hour or two - we are too impatient to wait for it to be counted properly" and "We want a system that we can manipulate without any audit trails."
Gah! No, don't elect Mickey Mouse; the first thing he would do in office would be to make copyright infringment a capital offense!
Now, see, we ought to rig it to make somebody like Lawrence Lessig or RMS win instead.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
if people by mistake made the wrong vote, it would be automatically corrected for them, after all, the correct person got to be president.
(note to those hard of brain, this is sarcasm)
>Perhaps if it was rigged so that "Mickey Mouse" wins, someone would see the light.
It was, he did. You might know him as George though.
I want a list of atrocities done in your name - Recoil
I propose the creation of jesusland. the retarted and apathetic will be drawn there. We do not allow them to have a standing army because its way un-jesus.
We can create a mohammadland too. same thing.
Also we keep them like we kept most of the 3rd world but leverage religion much more to keep them in their place.
Doesn't mean they will.
After all, if we were to believe that Diebold intended to permit certain people to steal our votes, their CEO would have given $100,000 to a specific Presidential candidate and promised "to deliver the votes nationwide" to him.
Oh.
Wait.
They did.
Ok, it's starting to concern me - originally, I could tune out the conspiracy theorists, but now they're starting to sound sane, and that worries me.
-- Tigger warning: This post may contain tiggers! --
The success of the 2004 election shows that the voting system is not broken. I still believe that the proven 90 year old technology of lever voting works best, I do not foresee Diebold attempting to steal votes.
Success? Ohio was the state that won the election for Bush, and the CEO of Deibolt had the balls to brag that Diebolt was ready to hand the election to Bush when Ohio awarded Deibolt a contract for voting machines. That was a success for Bush not democracy!
FalconShould there be a Law?
Recently a grant was rewarded to several universities to discover if and how E-Voting can be secured, but like previously stated e-voting is as secure as the people who run it, just as paper ballots are. More info at one of the involved professors websites:
http://www.cs.uiowa.edu/~jones/voting/
I wondered if there was a petition related to this online and found it at http://www.petitiononline.com/boycottd/petition.ht ml. I don't know when it was created but so far only about 230 people have "signed" it.
Yes: 99.9% No: 0% Pat Buchanan: 0.1% "The ballot was confusing!"
What sound do people on rollercoasters make? Hint: it's not Xbox 360.
Because absentee voters get a paper ballot that is not only delivered by a trusted source - the US Post Office - who have a verified date/time stamp - and that the ballots can be audited, traced, and verified - now THAT is a reason to register permanent absentee.
Today.
-- Tigger warning: This post may contain tiggers! --
Worst Security Flaw Ever.
God spoke to me.
Accuvote: As accurate as you want to be.
Did they get the machine legally?
I think you'll find that pretty much all the voting companies' machines can be manipulated in some way...especially if you can crack the case open like a clam and mess with the innards. I know...I work for one.
I'm not sure what the public expects in terms of *security* of the device. I'm not saying Diebold or anyone else doesn't use some crappy code/practices sometimes/often. But some of these *research* and *findings* never takes into account how ridiculous the procedures are that a jurisdiction might go through to actually allow the public to vote.
ANY voting machine can be manipulated...whether electronically or manually. It's all dependant on the process, and how vigilant the jurisdiction in question is about securing the process of voting that's built around that very device.
I could sit around and tell stories for days of voting machines getting *manipulated* without ever accessing one line of code or ever hitting a reset button or anything of the sort. You know, maybe a pollworker from a pre-dominantly Democrat jurisdiction (who happens to be Republican themselves) might *forget* a voting machine or two in their trunk after the polls close. Guess what? That happened in Florida in 2002...you know, after the whole 2000 fiasco and subsequent legislation that was supposed to fix the issues.
Okay so politicians aren't generally computer savvy and they do alot of very stupid things, but you can't really blame them for an unsecure voting terminal. Blame the guy they told to design it. Think about it... somewhere out there is a team of engineers (whose job it is to make the right tool for the right job) that received orders to "design a voting station" and they somehow didn't think to make it ultra-secure. And it's not just a little bug you could say was overlooked, it's a fundamental design flaw. As much as I tend to dislike politicians, it seems to me that blaming them for this is like blaming a CEO for the janitor using the wrong cleaning product on the windows. What about the engineers, the QA officers, the project manager and all the other people involved in creating it?
They are only kind of verifiable if you did a hand recount and every single person kept their receipt (yeah right).
They don't hand out receipts on how the voter voted. If I recall right receipts were made illegal because with receipts your boss or whoever could make sure you voted the way they said to vote. How you verify your vote is by making sure the paper ballot credited those who you voted for. The paper can be a roll behind a glass window in the machine, and when removed is put into a lockbox/safe.
FalconShould there be a Law?
1.bleh 2.bleh 3.bleh 4.bleh 5. PROFIT!!!
Private Network - DMZ - (FireWall) - Internet.
Private Interest - Government - (Voting) - The Public.
These Diebold machines are Firewalls to keep Uninvited Public out of the Government process and so protect the Private Interest.
Where's the backdoor?
One problem with electronic voting machines, and I'll quote my beloved uncle here, is that "them things 's got too many part in'em."
After looking at the pictures, I tend to agree... electronics do fail. Nothing wrong with paper ballots IMNSHO.
- For every action, there is an equal and opposite criticism.
Remember that "paper ballots" is what led us to reform our voting system in the first place!
It's pretty fucked up when something that can be so easily be tampered with. Though again, this is the USA and it's just as easy to rig an election through paper ballots anyways! I still don't think that just because the company that supplies these machines is a low bid that they should go with them. Yes, it does save money but it makes your citizins not trust you anymore and I thought that was what an election was for, to show how many people trust your judgement..?
I'm an asshole. Yes, I know.
...but in the UK we use highly precise and effective vote collection machinery, consisting of:
And it works perfectly well, and is completely anonymous and auditable.
Pirate Party UK
The biggest security flaw is the fact that the machine doesn't check for US citizenship before allowing someone to vote.
If you can't do it on paper, how do you expect the machine to work?
Fix the problems with the paper, then develop the machine.
From TFA: http://www.openvotingfoundation.org/5-bt-cfg.jpg/
Looks like they built in the illegal voting functionality, but does the XXX mean that the machine will show naked pictures of the candidates?
What makes Libertarians and Greens immune to corruption? They're probably nowhere near as bad the Republicans, but why single them out?
Our recent primary elections were conducted on our new Diebold machines. As I voted, a receipt printed out under glass that verified my vote. When I cast my vote, the receipt rolls up into a sealed drum where it will be kept for several years. A recount is possible to verify that the election wasn't rigged, and results will always be randomly audited to make sure the machines are functioning correctly.
Any voting system is susceptible to fraud. These machines don't appear to be any more susceptible and they are a heck of a lot more efficient. Voting was far simpler than the old punch card system where you were always a bit concerned about punching out the wrong hole if your paper ballot got misaligned.
Slate article from 2004 about electronic voting machines in another democracy http://www.slate.com/id/2107388/
...that security risk only exists within the corequisite realm of possibility. I agree, you can disassemble this thing and boot a nonverified image. But the chances of someone successfully doing this in a voting booth without drawing attention (hint: how much time do you normally get to vote?)(hint: how many tools and how much hardware are you normally allowed to take to the polls?) are slim.
Here's a depressing comparison, showing the rules surrounding slot machines in Vegas vs. voting machines:
Vegas vs. Electronic Voting Machines
Can you also prove that the scantron reported an acurate count for the double check? Can you then prove that the scantron sheets that were sent to be verified are the same ones that made it into the fireproof boxes? Can you then prove that the ones counted from the fireproof boxes are both all of the votes and the same accurate count from the original vote? Finaly, even if you can prove all of that, can you prove the voter voted for the person they wanted to win (again remember the buterfly ballots)?
The fireproof boxes first. All interested parties are allowed representatives to keep the boxes in sight at all tymes, even if it means getting a bigger van to hold all those people. Then the ballots are all hand counted by the same, or different, people after the watchers have verified the ballots haven't been tampered with. Because they were printed there are no "hanging chads". And because the voter verified the correct person was credited with the vote there shouldn't a problem with the printer not being clear enough to know who the voter voted for, if there's a problem with it then another printer or another machine is used.
FalconShould there be a Law?
You're Machiavellian. And it still needs fixing, no matter who's doing it.
If Jesus wants me it knows where to find me.
Because they don't hold any office important enough to attract big campaign contributions?
People are worried about the flaws in this voting box when the current method being used is stuffing pieces of paper into a goddamned cardboard box! And they don't even require you to have ID in some states to vote, becuase this would be 'racist'.
I seriously think the DieBold box is the least of our worries.
Big ones, small ones, some as big as yer 'ead!
Give 'em a twist, a flick o' the wrist...
As opposed to those people who blindly assume "computer = bad, paper = good"
IAACP (I am a computer programmer), but I have a strong respect for paper trails and auditing. I am all for electronic voting, I think the results will be faster and more accurate tabulation. But I am also for a solid, verifiable, and auditable paper trail. That means that for every vote that is made there has to be the electronic notation, a paper receipt for the voter, and a paper receipt for the vote counters.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
The voting machine issue is a prime example of the US government purchasing in action. Although Diebold is known to have produced a wide variety of security problems within it's machines, they are one of very few companies that actually have a history of producing voting machines. They get put on the short list because they have more experience than others.
Purchasing agents either lacks the creativity to force the issue of security, or Diebold refuses to agree to security provisions. Salespeople probably do a great job of downplaying the security issue, and there are very few people in place currently with both a strong technical mindset and decision making power.
There is unbelievable waste, security problems, and straight out fraud all over government IT projects. This is just a single example that makes the occasional headline at slashdot.
There is something to be said for the "buy-it-now fix-it-later" model that politicians push for. The government moves slow as it is and without someone pushing forward many federal projects would never have gotten off the ground. Where voting is concerned, however, it is much better to adopt a safe, slow, well thought out, and secure philosophy.
1968 Democrats?
If the Democrats rigged the 1968 election, they don't deserve to hold office. Richard Nixon, Republican, won the 1968 election.
"I have as much authority as the pope, I just
don't have as many people who believe it" - George Carlin
You are talking about Clinton Curtis' testimony, right? The video is here:
http://www.youtube.com/watch?v=4UvEuqYyDoE
"All you need is a screwdriver ..." Right, and a sophisticated alternative flash bios.
There is not a single documented case of the corruption of the vote with a Diebold machine. It is all theoretical balderdash. Courtesy of the same folks that saw no problem whatever with tens of thousands of paper punch fragments on the floor of the "recount rooms" (even in the fourth or fifth recount) of 2000 -- where the strategy was to "recount" until obtaining the desired result of overturning the legitimate election of George W. Bush.
I think it's of great concern which party it is: since Diebold and the other big supplier of voting machines (whose name eludes me for the moment, but is owned in part by Republican Senator Hagel) are run by major donors of the Republican party. It's a very relevant concern.
(btw: I think you're talking about 1962 Democrats...but then again, the topic is voting technology and not alleged vote dumping in Lake Michigan)
1968 was the Democratic Convention riots, IIRC. (which, quite obviously, maybe I don't)
You better watch out, there may be dogs about . .
The Nevada Gaming Control Board has technical standards for slot machines. They've had enough fraud over the years that they know what has to be done. Some highlights:
(a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman.
(b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found.
(c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information.
(d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Con
Now, contrast that with EVMs and find out the chain of who benefits from their machines being broken and who gets to make the choices about them...
kurzweil_freak
5th Kyu Genbukan Ninpo/KJJR student
Be the darkness that allows the light to shine.
Both sides, however, need monitoring by a vigilant populace.
And yes, I meant earlier elections (1960 was the one I was thinking of, but 1962 is a good choice as well) but got confuzzled with the Dem Convention that ended in riots.
You better watch out, there may be dogs about . .
Paper trails are just as susceptible to fraud as electronic systems.
Do you actually believe that or are you just playing devils advocate?
The only measure in which that can be accurate is the binary "Is fraud possible?" measure, any measure which takes into account degree of susceptibility, paper is the hands down winner.. Just for starters, we have experience investigating paper trails. There is physical evidence left behind when a paper trail is tampered with. Tampering with the paper trial necessarily require physical access. The list of ways in which paper is demonstrably superior goes on, and on...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Go read some of Greg Palast's research into the topic. The 2000 elections were not won by the Republicans --- Bush got appointed. The votes in Florida have been counted afterwards by a group of news organizations their conclusion: Gore won. Their action? Bury the story. Three hurrays for American journalism :) Well at least some of your compatriots in "exile" take their job seriously.
I'm willing to believe it goes across partylines but that does not make it right (stating the obvious just to be save). Find out who is rigging the system and hold them accountable. If you find a company messing with election results or if you find out that they are being negliant strip them of their contracts and bar them from getting new ones. For extra points go after the executives and hold them personally accountable for the malfeasance of their comapnies.
Simple: It's made by Diebold.
Oh it is worse than that...
In August 2003, Walden O'Dell, chief executive of Diebold, announced that he had been a top fund-raiser for President George W. Bush and had sent a get-out-the-funds letter to Ohio Republicans. In the letters he says he is "committed to helping Ohio deliver its electoral votes to the president next year."
Ken Blackwell (Ohio's Secretary of State (Repub)) and current canidate for Ohio Gov is the one who certifies Ohio's elections, and is the one who approved the use of Diebold's machines.
Ohio State Senator Jeff Jacobson, Republican, asked Blackwell in July, 2003 to disqualify Diebold Election Systems' bid to supply voting machines for the state, after security problems were discovered in its software, but was refused.
When Cuyahoga county's primary was held on May 2, 2006, officials ordered the hand-counting of more than 18,000 paper ballots after Diebold's new optical scan machines produced inconsistent tabulations, leaving several local races in limbo for days and eventually resulting in a reversal of the outcome of one race for state representative. Blackwell ordered an investigation by the Cuyahoga County Board of Elections; Ohio Democrats demanded that Blackwell, who is also the Republican gubernatorial candidate in this election, recuse himself from the investigation due to conflicts of interest, but Blackwell has not done so.
DJMD - The fourth man - Planetary
what, nobody watches south park any more?
I've heard the latter described as "demarchy". The only thing that keeps a democracy from devolving into a demarchy is a strong constitution and bill of rights. That's why the current crowd is so scary -- they're deliberately dismantling both constitution and BOR in order for a smaller group to have undue influence on the law and its enforcement.
A sad example is he Schiavo case. You had a governor announcing that he would ignore his own state's laws and her courts, you had Congress going into an emergency session to pass an unconstitutional law while ignoring many more pressing issues, etc. All so that views of some radicals could be shoved into a grieving family's face.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Honestly, this seems like a "watch dog" group trying to build up their reputation as watch dogs by pointing out something that is largely unimportant. Oh sure, the technology supports this. How many people are going to know how to do it, though? That is the question. And on top of that, how many people will know, with certainty, how to do this and have access to the voting machines? This could not go un-noticed on a large scale.
I say we put these guys in charge. They know how to do a code review.
We seem to agree on the trust issue and largely on the means and methods.
Have you made your phone calls and sent your mail?
Blogging because I can...
Are all the sore loser nerds in the world contained in this one thread? I can't beleive it. You LOST in 2004, fair and square. It wasn't because of vote fraud, it was because your candidate was a JOKE. So much of a JOKE, in fact, that he couldn't beat the current JOKE in office. Your only platform was "ABB" and people still voted for your sorry asses because GWB is such a JOKE. It wasn't the voting machine's fault. It was yours. Stop making excuses.
~ now you know
It is sad to say, and most people would think that violent revolutions are things of the past, or are things that happen in 3rd world countries, but , I wonder if some sort of revolution is waiting down the road...especially since the GOP seems to always suffer form a superiority (power and religion) complex concerning money, power, civil rights etc.
With all these examples of bad behavior (how Regan stole the election for carter, the two last stolen bush elections?), what are the next bunch of republicans who take over from Bush & co. going to be like? It's funny how a country that represents itself (with loud self-promotion) over the last 50 years, how its supposed to be a democracy, and how, in reality it is not.
It has been shown that in past history, if the rulers get really corrupt and it does affect the average person to a great extent, then violent revolutions have usually formed to such responses and chaotic change tends to happen...
Perhaps with the increasing rate of technological development (in this case, how ironic for the application of cheap computing power, we get unregulated, corrupt voting machines), we can speed the development of nanotech assemblers (a possible solution) and provide everybody with their own "replication machines" and hence remove one aspect (in history), that the powerful have gained control of power over the common man (the law of scarcity of resources and products).
This could be a solution, and yet, even more problems as it has be noted that the transition to nanotech may produce a period of instability because of the existing manufacturing infrastructure will break down if manufacturers for see everybody making (growing) their cars, houses, computers, food etc. and may not want to invest in keeping existing factories running.
Another problem could be if, the average person, using nanotech, has his personal material and health wants (remember, medical nano Will probably reverse aging permanently)m the common person may find that they have no real interest in politics (their material wants have been satisfied), and may let really corrupt people gain control, after all, a lot of really evil leaders do so, because they have this burning desire to control things/people/situations etc.
Even with this flaw, the Diebold machines are still no worse than a paper machine. So I pull a lever and my ballot goes into some box behind the machine. How do I know that's not really going into a trash can? Every election, boxes and boxes of ballots get left behind. The same could hold true if we had a paper trail on the diebolds. If somebody gets rid of the paper, we're still screwed. Let's have the machine print a reciept that doesn't say who I voted for, but a unique transaction ID. After the election, I take my reciept home and plug the unique ID into vote.gov. If it says "you voted for the other guy", I'm going to call them up and scream fraud. But if my guy shows up, I know my vote made it where it was going. Now I burn the paper evidence to prevent the other guy from getting his hands on it, and calling fraud himself.
I am sure there a jumpers on the ATM machiene to enable EEPROM updates. The bank trusts the person installing the ATM to not load a diffrent prom. Same for the voting machiene. Seems to me even with this ability to load a diffrent ROM the people process (accountability / checks) is what really matters anyhow. No matter how grand your system is. Trust must start from somewhere.
http://dictionary.reference.com/browse/liberal
Not requiring voters to show official picture ID.
What do we need to ask for? ... Voter verified paper trails that are human readable, serial in nature and easily handled / processed for recounts. Flimsy, thermal rolls that can discolor from improper storage and or handling won't cut it.
The bottom line is that your guy lost and you're not happy about it. So, you declare it's unfair (as any unreasonable person does) and start looking for someone or something to blame. This time it's supposedly hackable voting machines, but let's be honest - that's not the point. The point is your guy lost and you're mad as hell and you're not going to take it anymore.
Let's just take one example from your exhausting (for emphasis, note that I didn't say exhaustive) list, which was to add printers to the whole process. I'm going to go out on a limb and predict that if your next guy loses again you'll be the first one crying foul over the printers. "Printer jams occurred 1.2% more frequently in [my guy's stronghold]! Diebold rigged the election again!"
Quit the bull. You'll be unhappy until you win. At which point you'll be happy. And some idiots on the other side can take up the cause.
Before I'm inevitably accused of being pro-this or anti-that, you should be aware that I am thoroughly sick of partisans on both sides and I wish that everyone would realize that all politicians are fake and only out for themselves.
I'm a big tall mofo.
you'd think in a country where security is one of our most important considerations, that these machines would be top notch and untamperable. a president and all his officials should be the first people on the line questioning whether or not these machines can be hacked.. its not a question of who should of really won the election, because if the republicans were smart, they should be complaining too.. shouldn't they be afraid of democrats hacking in to the machine? and visa versa.. i think they're all fuckin screwy bastards.. my opinion on this matter does not lean on either political side, but for fuck's sake.. its SOMEONE's responsibility to make sure these machines are legit.. and someone obviously didn't do their job..
*plays the Apogee theme song music*
You found the dictionary. I'm so proud of you. Now go look up "satire".
Done with slashdot, done with nerds, getting a life.
Actually, Diebold's ATMs aren't nearly as reliable as people think. I actually saw and played with an ATM at Carnegie Mellon University which crashed and rebooted into XP... people had it running Media Player until some sleep-deprived kids taking OS couldn't take it any more. Some pictures here.
Deposit to Acct 1 $500.00
Purchase Stamps 20 @ $0.39 $ 7.80
Purchase Congressman 2.5% ownership -$25,000.00
Current Balance -$24,507.80
Thank you. Your account balance is between $x and $y -- Your vote for all Democrat/Republican/Libertarian candidates has automatically been cast.
Or maybe they could take advantage to that built in video camera in the voting process and make the logic a bit more sophisticated:
The only downside would be that $1.50 fee for voting outside one's district.
to get people to realize how shitty these things are with security is to crack a bunch of them and get the most random person you can think of to win.
It really seems like nothing short of a massively-publicized fraud is going to stop the juggernaut that is Diebold right now. There have been enough vulnerabilities reported, and no action has been taken. It's becoming more and more obvious that until Something Bad happens to a production system -- not a test system, not a "simulated election," until there is real fraud, in a real election, nothing is going to change.
Given that voting is pretty much the most fundamental part of democracy and a free society, maybe we're approaching the point where some sort of "direct action" is going to be required.
Think of it like a bomb that has to be defused; sometimes you need to make the bomb blow up in a controlled manner, in order to keep it from going off at some less convenient time when it would be more damaging.
The only way that Congress is ever going to wake up to the threat that these Diebold machines represent is when there's a major election fraud perpetrated in some painfully obvious way. I know I'm going to sound extreme here, but maybe what's going to be required is for somebody to purposely invalidate an election; delete all the votes from several polling places and replace them with votes for "Santa Claus" or something -- be creative. Or just brick the machines at the very beginning of a voting day; I can't imagine that anything the Diebold salespeople do will be able to preserve their reputation in the face of that level of chaos.
I understand that this path is quite a dangerous one to go down, in fact a person being caught doing it in today's climate would probably run the risk of being labeled a 'terrorist' or worse. However, right now we're heading straight for an iceberg labeled "election fraud" and it's becoming obvious that the American Public in general and Congress in particular is planning on sitting with their thumbs in their ears until we run straight into it.
Just food for thought.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
By the next election, the Diebold machines will have been upgraded to Microsoft Windows Vista, which I am reliably informed (by Microsoft) is "the most secure operating system ever".
What's to prevent thugs from demanding voters "check their vote online" with their vote ID?
We cannot link the vote to the voter, if we are to insure said voter is truly free to vote their concience.
Blogging because I can...
Are you saying our elections are secure enough then?
Would you still say it if your favored people were on the losing side?
Doesn't it make perfect sense for the losers to speak on this matter first, whoever they may be? Why would the winners speak --and in particular these winners?
Bottom line is that our voting process no longer properly embodies the core ideals necessary for it to be trustworthy.
Get back to me when nobody is making money from elections.
Blogging because I can...
Designed to keep out the riff-raff who haven't already been distracted. Move along, these aren't the votes you're looking for...
"Don't you know you're going to shock the monkey?"- Peter Gabriel
"names of all the citizens on a big list and roll the dice."
Paris Hilton for President maybe?
Blogging because I can...
More Diebold Voting Machine Fun
s installs
YMMV
http://www.votergate.tv/
http://www.equalccw.com/dieboldtestnotes.html
http://www.equalccw.com/dieboldtestnotes.html#gem
http://midnightspaghetti.com/newsDiebold.php
http://www.archive.org/details/TheCageBushKerry
hylas
~hylas
Nice to see that at least the people at Diebold know their Stalin. It's not the people who vote that count, it's who counts the votes.
At least by now it's not a matter of ruining your wrist by filling out a few million ballots just so you can get the vote you want. Gotta love technology. It makes things so much easier.
There is a flaw in this testimony. The programmer absolutely states that if exit polling data is different from the totals from the machine it means there has been tampering. You can't make that jump in logic.
Exit polling data has always been inconsistent in that the interviewer picks and chooses what they think is a sample which is representative of the majority. If they choose the wrong people that will affect the sample. And, depending on when the exit polling was done this will influence the exit polling. On any random day there has been statistical skew as to when liberals vote versus conservatives vote. If you end exit polling early on one site or start late on another site you can have exit polling different from what the actual totals are.
Quality Hosting e3 Servers
Sigh... ...when will the voting advocates realize that hacking a touch screen machine is child's play when compared to the real threat against democracy, which is the extremely low (~ 30%) voter turnout in places like California for the June election.
Anybody who wants to fix the election, simply needs to funnel some extra money into a smear campaign to dissuade an extra one or two percent of the population from voting.
This crap about "hacking" TSV devices or the county tally systems needs to stop.
The Kai's Semi-Updated Website Thingy
Of course, all printed (punched...) vote backups are have the problem that they need a way to be invalidated if there is a preview and approve mechanism.
Thomas Jefferson believed in Democracy, more than almost any other founding father. Anyway, here's an article about the quote you posted:
http://www.cronaca.com/archives/003038.html
It could be bogus, but I can't seem to find any actual references on the "mob rule" quote that make it seem genuine.
Would there be any problems with giving everyone a random GUID tied to their vote on a receipt, then at the end of the election allowing them to look up their GUID?
A couple years ago, I went to Fermilab to see a Chomsky talk. Kucinich bumper-stickers spread thine selves across the parking lot... Anyhow, someone there (I was in the overflow CCTV room) asked Mr. Chomsky what he thought of the electronic voting machines, paper trails, etc. mugging for a tirade about the death of democracy. His heavily paraphrased response:
Why are you worried about one side of the 'Business Party' playing with the margins? 50% of the eligable voters don't even bother. Further, abstension in U.S. elections occurs for the same reasons as abstensions occur everywhere else: there's no "None of the Above" box to punch. Fix that problem (which in practice prevents half of the populace from voting) before you get all worried about the one-half-of-one-percent that's being fudged.
Meh. I say we just use slot machines to vote. It's the perfect solution given that each administration is a gamble anyways.
*chug chug chug chug...chuck...clunk* WOOHOO! It said I voted for Party-X. That's right. Now that I think about it, I've ALWAYS wanted to vote for Party-X.
Life is not for the lazy.
ATM's have had years to go through many iterations to get to a "secure" and "reliable" system (that even then can have anomolies)?
It's because if your ATM isn't secure, nobody will buy it, because they won't want to lose their money. If your voting machine isn't secure, the state government will buy it anyway.
paintball
*looks at his bag full of 2008 ballot slips with Clinton written on them*
FUCK !
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
I am a software engineer on emebedded systems. I see a lot of boards like this.
The ability to boot from different sources is a normal debugging feature, not in itself sinister. Should they have cleaned that up on the production model? Yeah, sure. But verifiability is ultimately a human concern anyway, not a tech one.
It all comes down to who you trust.
If you don't trust the polling place, make the voting machine tamper proof.
But then you have to trust the guy who built the voting machine.
You have to trust the guy who loaded the software on it at the factory or the elections office.
You have to trust the guy who wrote the code. Even if you inspected the code, you have to trust him to give you a binary based on that and not pull a fast one.
You have to trust his compiler to give him a binary without compiled in back doors.
I feel like I probably haven't listed all the points where this voting machine chain of trust can break down.
On top of all that, voting machines are not cost effective vs hand counted paper ballots. So, I advocate for no voting machines.
Start Running Better Polls
Democracy ended when the people running the country stopped being called "Statesmen" and became "Politicians".
No.
I will reveal to you what epitaph Democracy's grave will bear. It is this:
"I died, ironically, when the majority decided I was dead."
There never was a time politicians could be trusted in a democracy. That's the whole friggen' point of democracy. You make politicians and political parties pay consequences for their actions. There are none more virtuous than the closely watched over.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I live in Northeast Ohio. The investigation found that the problems had nothing to do with the voting machines themselves, but was a result of poorly trained polling station workers, and some ballots where printed by a different company that didn't meet the specifications of what the machines were able to read. The primary election 2006 was the first time these electronic voting machines were used in Ohio, so this doesn't have an impact on prior elections. Also, other counties in Ohio used the same machines but used ballots printed by a company that better met the specifications of the machines, so they didn't have the problems Cuyahoga County did.
"22 astronauts were born in Ohio. What is it about your state that makes people want to flee the Earth?" Stephen Colbert
Seems that the Rasist Christans (all Christans) who are Republicans have a problem.
Kiss-an-tell!
Toodles!
Design it from the ground up. Special use processors, memory, OS, communications protocols. Redesign everything from scratch. Make it completely unique.
If it doesn't run code that works on ANY other platform, then no one outside the company can write code for it.
I don't think that's a good idea at all. Security through obscurity has no place in a system as vital as a voting machine. Who is to say that the CEO (or some rogue programmer) doesn't have a political agenda. IMO, in order to be "secure" for voting purposes, the system must be completely transparent and completely auditable. The hardware specs should be available to the public, the machines coming off the assembly line should be verified by third parties against the specs. The code should be open source (available to everyone), audited, and the final version burned into ROM and available for bitwise comparison on demand in the deployed system. Physical security would take the form of a transparent enclosure, sealed by simple tamper-proof physical seals. Above all, the system MUST have a paper trail to check the accuracy of the final count against the value produced by the machine.
But on another note, Showing some sort of letter from a billing agency could be used to prove residence. Utility, eletric, creditcard bill, bank statments, cell phone bill, loan payment book, voter registration card, all could be used to were you live and who you are.
That would prove residency at a particular address, but not that you're eligible to vote.
Being eligible to vote consists of two things:
1) Proof of residency / domiciliation in the district in which you want to vote.
2) Proof of legal status (i.e. Citizenship, and that you're not a felon or mental defective).
Actually voting adds another dimension:
3) Proof of identity (that you actually are the citizen residing in district x that you claim to be).
So a utility bill would satisfy #1, but it doesn't say anything about #2. Unfortunately, just because someone is living in this country these days doesn't say much about their right to actually be doing so, and certainly doesn't imply that they have the right to vote (even leaving out illegals, you still have legal aliens -- people with visas -- who have residence but not legal status to vote).
Right now I think the Diebold thing is a bigger risk than the identification problems, because of the sheer scale and ease of rigging an election that's possible when the votes aren't linked to any sort of physical artifacts, but aside from that I think the voter-identification problem is the second-biggest weakness that we have yet to effectively deal with. On one hand, we don't want to do anything that will disenfranchise voters and lower participation, but fradulent-but-high turnout is worse than low-but-representative turnout.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
... let it leak that Al Queda is planning to exploit these flaws. Then run for cover.
help me i've cloned myself and can't remember which one I am
At the voting station, a number of machines (depending on the size of the precinct) are set up to a group of printers, located on the same table. The purpose of these machines is to print up a ballot in any language (including the many forms of Braille), with pictures of the candidates next to their names (for those who can't read) and a blank area under each office up for election for a write-in candidate. This will keep waste to a minimum, since a precinct doesn't need lots of excess ballots in little-used languages/dialects, yet will not disenfranchise non-English speakers, or speakers of languages which are rare in a particular location. Next, after the usual sign-in (with, perhaps, the unusual request to see the voter's registration card) the voting official hands the voter his/her card from the printer after checking it to make sure it is correct (names match faces match offices), and also hands the voter...a pen. The voter walks into the voting booth, checks off which candidate(s) s/he wants to elect for each office (or writes someone in), slides the card into a receptacle inside the booth, and leaves. The vote count can then be easily done by hand.[/my$.02]
I am not an animal! I am something worse!
OK, this is about Internet voting, so slightly off-topic, but I believe still relevant.
Most of the computer science graduates I've met, even those I'd consider top students, see nothing wrong with the concept of Internet voting. "Pen and paper? Are you crazy? This is the 21st century, man!" is a common reaction.
Take Poland as an example. I'd like to believe that computer science courses at top Polish universities are comparable in quality to top UK universities. That is, except for computer security classes, which still teach little more than cryptography. Many students know the structure of DES by heart, but have no clue how to apply cryptographic primitives to build secure systems. One of the most important principles, "never invent your own ciphers or protocols" is never told them. Such people go to the industry to build nation-wide critical dependable systems. The fact that these are the best people my generation has really scares me.
I believe we really need more real security experts teaching security courses. People who, while appreciating the mathematics in cryptography, also understand security threats in the real world. Because the current generation of students will build systems we'll depend on in the future. If they don't stand up and convince the public against politicians and businessmen's "progressive" money-making ideas of Internet voting, nobody will.
I believe this Internet voting vulnerability report should be a compulsory read at all computer security courses.
That believe that the internets is a series of tubes. And you expect them to know stuff?
----
This is a really bad problem because somehow, someone could break open the seals, unlock the box, flip a switch, insert an unverified EEPROM, and then seal it all up again in such a way that the people who guard these machines, or oversight them don't notice? Wow. I bet you lose sleep every night with the thought that someone could overpower marine guards, seize a nuclear submarine and start World War III.
It is not a bug! It is a feature!
There are some states here where they're allowed to vote as well (I know it's the case in Maine; I always thought it was bizarre), in general when you're convicted of a felony you lose a lot of rights that you'd otherwise enjoy as a full citizen. You lose physical freedom, usually, by virtue of being in jail; you lose your 2nd Amendment right to own a firearm; you usually can't hold public office; depending on circumstance you may lose other things as well.
To put it bluntly, when you're in jail it's basically because you've demonstrated for one reason or another that you can't handle the responsibilies of a citizen in free society. Therefore, I see no reason why they should be allowed to participate in the democratic process.
Voting isn't something that should be taken lightly; if you're so highly irresponsible so as to have to be locked up for the safety of others, if your judgement is that bad, then you certainly have no business participating in something as fundamentally important to the operation of our country as voting is.
With that said, I don't think it's appropriate to permanently take away someone's voting rights for commiting a crime; once you've been released from the penal system and are otherwise a free person, then you should be able to vote again.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I highly recommend "Stealing Elections: How Voter Fraud Threatens Our Democracy" by John Fund.
1. I never said fraud on paper was imposible, or didn't exist, in fact I explicitly stated that fraud using paper ballots is possible. I said it is harder to pull off than purly electronic fraud.
2. As Megaditto pointed out. The idea is the voter sees the paper ballot before it gets put into the locked box. Through your assertion that the voter would get to keep a reciept you have made it abundantly clear that you do not understand the idea being discussed. I suggest you read up on it, you could start here or here. Then you could come back and have an informed discussion on the mater if you still feel as you currently do.
3. Only a fool would assert that you can make any system completely fraud proof, but likewise only a fool would suggest that all systems susseptable to fraud are of equal usefulness. The goal is to make fraud as hard as posible to pull off.
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Because it makes fraud a lot harder!
Here is a report (big PDF) on threat models against elections, from the Brennan Center Task Force on Voting System Security (includes Bruce Schneier).
They look at what it takes to alter enough votes to swing a statewide election, and rank the difficulty by the number of people who would have to be "in on" the conspiracy.
If you have a machine with no paper trail, or if the paper trail you have is not audited, then only one person is needed to swing the election - to plant a Trojan in the voting machine software.
If you have a paper trail that's randomly audited, and any centralized storage of the voted ballots is secure enough, you need a pretty big conspiracy to swing a statewide election (you'd need at least one person at a whole bunch of precincts).
They go on to describe countermeasures that can be used to thwart or mitigate suck attacks - interesting read. I'm proud to say that my county has most of them implemented.
What he's saying is that it doesn't matter if it's secure or not. You guys loses it's broken. My guy loses it's broken. Even if it was somehow 100% shown that the next election was completely secure. Losers would STILL claim it was not secure.
India implemented a semi automated electronic voting system during the last country wide general elections. There has been surprisingly little debate on the security of this system. The design is closed source even though it was developed by a govt owned unit. There has been no independant audit of the system's security, even though the systems are used in virtually every election nowadays. All this in a country where booth capturing and rigging are commonplace. The scope for electoral fraud is immense! It's probably only a matter of time before someone begins to exploit flaws in the system... Here's some info on the EVM: http://www.eci.gov.in/EVM/index.htm [Election Commission of India] http://en.wikipedia.org/wiki/Indian_voting_machine s [Wikipedia]
I voted for That McPhee gal. She shoulda won. I demand a recount.
is the knowledge that one of them was wrong, and you can begin your investigation there. While if you only have one system, the odds of knowing that something went wrong go down quite drastically...
Or do you propose that ignorance is bliss?
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
I thought they actually had to do some work at stealing elections
Honestly, why? It really can you know.
Treat it as an academic question if it helps, or if you must... the problem space defining an engineering question.
Are you saying that you are not capable of divesting yourself of political bias when approaching any engineering problem? Oh you can?
Well, why does this particular engineering problem have to be unique? Seriously, capture the requirements, pose a solution. No one need 'troll' here, no one need 'spin.'
Try to be an engineer.
must be impervious to influences from outside the device, including, but not limited to, electro-magnetic interference, electro-static interference, and radio frequency interference.
I have a lot of trouble believing that a slot machine is fully resiliant against high power radio or magnetic interference.
Instead of rebuilding the wheel, why not use mechanical systems? Really, no one has been able to come up with any valid reasons why levers should not be used! The areas that are installing these computerized systems are rarely those that use levers. Why? Because levers just plain work. I think there is a benefit to using a system that can be understood with an associates in engineering rather than requiring that "the redesign process begins again" every single time there is an error.
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
I was about to respond to you to state how you completely missed my point. I then discovered that dev/trash already helped you out with that.
But, to directly respond to your question of "Are you saying our elections are secure enough then?"... The answer is that no matter how secure they are, unreasonable people will never be satisfied if they lose. And let's face it - no system that does anything millions of times is perfect. Especially when you consider that even with a fantastically accurate and secure system, the imperfect (and often incredibly stupid) people that are voting can still mess it up. Remember the einsteins that accidentally voted for Pat Buchanan instead of Al Gore in Florida? High-tech paper ballots were too much for them.
So there will always be things for buffoons on both sides to nitpick.
I'm a big tall mofo.
Never give in--never, never, never, never, in nothing great or small, large or petty, never give in except to conviction