Worst Ever Security Flaw in Diebold Voting Machine

WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."

When Will Politicians Wake Up?

[telbij]

You'd think in this day and age we'd have some idea of how to create a secure voting system. Unfortunately it doesn't seem like much of a concern to the politicians. They assume computers are more secure than paper because they don't understand them. Nevermind all the computer scientists warning about the pitfalls of electronic voting. Let's just trust this Diebold sales guy over here! We know he's telling the truth because of the billion dollar contract!

Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

Re:When Will Politicians Wake Up?

[SpryGuy]

You'd think in this day and age we'd have some idea of how to create a secure voting system.

Of course we do. But you presume that security was a design goal for these machines. I put it to you that this was certainly NOT a design goal of these machines.

There's a reason that Diebold's banking and ATM machines are massively secure and auditable, and their voting machines, well, aren't either of those things.

Re:When Will Politicians Wake Up?

[betterunixthanunix]

Of course electronic voting is not verifiable -- but after the numerous attempts to actually verify the vote in Florida back in 2000... George Bush barely made it into the white house to begin with, and congress is on his side. Why would anybody be worrying about a paper trail, when verifiability very nearly cost him the election back in 2000? With this new system, the supreme court will never have to instruct a candidate to stop requesting recounts, because there will be nothing to recount. But here in America, only the minority of well-informed citizens even recognized the need for a recount in Florida -- the rest were busy behaving like 5 year olds.

Re:When Will Politicians Wake Up?

[mrchaotica]

You joke, but somebody seriously needs to do this. It's going to be about the only way to get the general public to notice or care.

Re:When Will Politicians Wake Up?

[MoneyT]

And can you prove that the scan tron printed was exactly what the voted intended (remember people were confused over the fucking butterfly ballots). Can you also prove that the scantron reported an acurate count for the double check? Can you then prove that the scantron sheets that were sent to be verified are the same ones that made it into the fireproof boxes? Can you then prove that the ones counted from the fireproof boxes are both all of the votes and the same accurate count from the original vote? Finaly, even if you can prove all of that, can you prove the voter voted for the person they wanted to win (again remember the buterfly ballots)?

In short, somewhere along the line, voting requires trust.

Re:When Will Politicians Wake Up?

> "I've said it before and I'll say it again: Democracy simply doesn't work."
> -Kent Brockman

This is the whole point of our form of governemnt.

The best form of government is a dictatorship with a good dictator.

The worst form of government is a dictatorship with a bad dictator.

I'll leave it to the reader to define good/bad.

What the founding father's did was set up a mediocre government. It will never be really good or really bad, regardless of what anyone currently thinks about W.

It's a standard tradeoff in almost any process. In order to eliminate the potential for really bad, you also have to eliminate the potential for really good. It's why a lot of businesses stumble along the way they do. It's why are government is the way it is.

Re:When Will Politicians Wake Up?

[LordKazan]

A) The user gets to see the scantron, it is one that would be designed to be clearly, easily, human readable (it would take a real IDIOT to be unable to line up the damn rows.. have you ever seen a scantron?) - butterfly ballots and scantrons are A LOT different

B) There is a reason why the person casting a ballot gets to SEE and CONFIRM the contents of the scantron before depositing it in the firebox - if it's innaccurate a technician cancels their vote and they revote

C) this problem exists with any paper ballots, and it's is a matter of physical security outside the content of an electronic voting machine discussion - if your system cannot guarauntee this then your system is a fraud and you should just hand your country over to the fascists now [and no, the current US voting regime cannot even gaurantee this in all cases *cough*ohio*cough]

D) See C

E) see A

Butterfly ballots are not a valid analogy for scantrons - a simple correctly printed grid scantron can be read by a 4 year old.

Re:When Will Politicians Wake Up?

[smokeslikeapoet]

Correct Sir, Democracy doesn't work, America's founders realized that and instituted America as a Constitutional Republic. I cringe evertime I hear a politician or judge describe America as a Democracy.

Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
-Benjamin Franklin

A democracy is nothing more than mob rule, where fifty-one percent of the people may take away the rights of the other forty-nine.
-Thomas Jefferson

Lever action!

[andrewman327]

How do all of the other devices made by this company still work? They are not just a voting technology firm, after all.

I attribute most of these errors to poor design, not anything intentional. Personally I like the old fashioned lever machines my district uses. It is very hard to hack those, I hear. Unlike computers and paper cards, you never hear bad things spoken about lever voting machines.

Not a bug, but a feature

[pieterh]

Electronic voting machines with no paper trail are an insult to democracy. That they come with switches to bypass even the dubious "safeguards" provided is hardly a surprise.

wrong question

[BitterAndDrunk]

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

Re:wrong question

[oyenstikker]

Not until after the people wake up.

Re:wrong question

[telbij]

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

Good point. I guess I figured the one thing politicians should know something about is voting. If it's up to the people then we're pretty much doomed, because the American people don't know and don't care about politics. At this point we're so swamped between work and entertainment that the only way to generate political awareness is if it becomes a fad like it did in the Vietnam era. Either that or a lot more Katrina-style disasters to destroy people's television sets.

Re:wrong question

[Y2]

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

The world makes a lot more sense if you assume that at least a few politicians understand things things quite well.

Re:wrong question

[megaditto]

One man's "flaw" is another man's "feature". But really, hacking is not a problem if there is a paper trail mechanism in place.

Is it that hard to put a thermal printer behind a glass shield: a voter can view his vote on paper tape. The current record is hidden when the tape is fed-forward for the next voter.

Random spot-checks can ensure that a machine reported same number of e-votes as paper-votes. Say, check 500 machines at random, if they all function correctly, accept the electronic results for the whole country.

Re:wrong question

[vertinox]

"The people who cast the votes decide nothing. The people who count the votes decide everything." -Joseph Stalin

Re:wrong question

[IdahoEv]

Dumb dumb dumb. Really:

How does having a paper trail make the results any more verifiable?

The same way that checksums and parity bits are useful by telling us that digital data streams have been altered and may contain errors. Even if by themselves they can't reconstruct what the original data stream should have been - the knowledge that your data stream is corrupt is by itself invaluable.

What if there is fraud in the paper trail?

Sure, someone can steal and alter the ballot box in which the paper records were stored. But that is a physical crime far harder to pull off and more likely to leave evidence.

To successfully hack the system, the bad guy would have to simultaneously alter the ballot box AND hack the computer so that they produce identical results. That combination is much harder than just altering a ballot box, and infinitely harder than just hacking a computer. If they only pull off one, then you know a crime has been committed and the election is void.

Joe teenage computer whiz can hack a diebold machine: the vulnerabilities are published. Certainly Joe Diebold programmer can sneak in malicious code. But can the same Joe simultaneously steal all the ballot boxes, forge new ballots to match the computer's altered count, and sneak them back under the noses of the election? Probably not. That requires people on the ground in many locations at once, working very fast. It's extremely hard to cover up.

all you know is that there is a disagreement - there is no way to know for sure which count is accurate.

You know the election is invalid, and you begin an investigation instead of putting the winner directly into office. If the investigation can prove which tally was altered, you still have a good election. If it can't, you hold a new election. Either way, you prevent an invalid election from potentially putting the wrong guy in office.

In an electronic system, one hacker gets the wrong guy into office and nobody ever knows because there is no evidence to even trigger the investigation.

but..

[BlackCobra43]

how will that ever happen WITH these flaws already in place? Diebold machines have been used numerous times already...

yarrr

[not+already+in+use]

Any company with devotion to a fair and secure voting system would not make such an obvious oversight. If it was in fact an oversight, it shows that Diebold is far too incompetent to be creating voting machines. You would also think that a company in charge of something so important wouldn't show blatant partisanship either. Why are they still employed?

Bug or Feature?

[Doc+Ruby]

I thought the biggest flaw was their certification by states for use in actual elections.

Re:Diebold - Designed for fraud.

[cmd]

Diebold also builds automated teller machines (ATM), the definitive model for reliability and accountability.

The AcuuVote machines are what they are, not due to poor design or unintentional mistake. They are the result of a deliberate intent to enable fraud on a massive scale. Viewed from this perspective, the AccuVote design is very good. The real problem comes when Diebold realizes that it needs to become better at obfuscation and makes it harder to detect the fraud.

"IN mid-August, Walden W. O'Dell, the chief executive of Diebold Inc., sat down at his computer to compose a letter inviting 100 wealthy and politically inclined friends to a Republican Party fund-raiser, to be held at his home in a suburb of Columbus, Ohio. ''I am committed to helping Ohio deliver its electoral votes to the president next year,'' wrote Mr. O'Dell, whose company is based in Canton, Ohio."

What's wrong with paper ballots?

[slofstra]

Sorry, I have never seen the point of these machines. Paper ballots are auditable, user friendly, and if electronics is put into the reporting system, can be counted in a few minutes and submitted. Voting machine are a perfect example of a technology fetish at work. It would make an interesting case study to examine the economic and sociological reasones why we sometimes buy technology that we don't need, don't want and further, serves no useful purpose.

Why?

[Iamthefallen]

Has anyone answered the question regarding need for automated vote counting in a satisfactory way?

Seems to me that manual counting of votes would be vastly more secure as it would take a huge conspiracy to affect the result either way.

Counting a hundered million votes is hard, counting a thousand votes in a hundered thousand locations is easy.

Physical access ALWAYS means all bets are off.

This article is a little high on the hype. The general rule is that if you have physical access to any computer system you can compromize its security.

Don't you think that a flaw that would allow people to vote multiple times or a flaw in the security by which the voting machine uploads results to the central server or flaws in the central server itself are worse than this.

Gee, we have physical access to the guts of a machine and we can do things to it. I'm not terribly impressed.

Not the worst.

[pavon]

I don't see how this is the "biggest security flaw ever discovered. Any system will have some method of flashing new code if you have access to the hardware, and while this makes it a little easier, it is not as big of a deal as they make it out to be. After you verify that the system has the correct (independently audited) code loaded into it, you put a tamper-proof sticker on the case, and call it good.

This is nowhere near as bad as the bugs that allowed exploits though the normal user interface, or the fact that the way the votes are stored allows easy tampering by election officials, or the fact that there is no way to recount or verify that the recorded votes are correct.

This is something that can be improved upon, but it isn't a fatal flaw and certainly not one of the main reasons that Diebold machines should be banned.

If you value your country, you need to be

[PotatoHead]

more aggressive on this issue.

Electronic Voting machines are not a trustworthy technology. They can be made reasonably trustworthy, but only with significant and constant public involvement and oversight. The core element to this happens to be our requirement of anonyminity for our votes. Being unable to link votes to voters means we must then capture the actual votes themselves if we are to be sure the election is just and true.

Roughly 80 percent of Americans will be using these machines in the coming elections. That should scare the tar out of every one of you, regardless of your political bent.

In 2004, this number was about 30 percent and the problems were so great, we really have no assurance our election results actually reflect the will of the American people, whatever that may be.

Think of it this way. Let's say I'm the voting machine counting votes. You tell me what your vote is, and I update my mental count. Can you see that I updated the count correctly? I could report your vote back to you correctly, yet still maintain a different internal count. There is no way to really know is there? That's the problem we face with electronic votes.

The votes are encoded into states stored on devices nobody can directly observe, other than via the proxy of other electronic technology. Essentially, we are voting by proxy when we vote electronically. Without an accounting in the form of a serial voter-verified paper record, or the use of vote storage that is both human and machine readable, we cannot oversee the election results in a manner that brings confidence to the whole affair.

These machines are general purpose computers for the most part. We all know how easily these things are tinkered with because it's what most of us do! Biggest problems are:

-no direct accountability on elections officials to actually hold a just and true election. Technology can and will be blamed for problems, leaving these folks off the hook for failed / unjust elections. Not good. Where the incentive for corruption and manupulation exists, you can bet it's happening. There is too much at stake for it to be otherwise.

-poor understanding of the core technology differences between paper voting and electronic voting. I summarized it above and have a longer, easy to understand, paper here. Mail it to your legislators along with a request for their position on the matter. If you do the mailing, please also do the request. That forces a response, which helps increase the overall perception of the importance of the issue. http://www.opednews.com/dingusDoug_112604_electron ic_voting.htm

Said poor understanding extends to all of us really, legislators and citizens alike. Too many people consider electronic data processing systems as being better than they actually are. Consider this: If they are so infallable, why do ATM machines deliver receipts? Also, be careful about ATM comparisons. The primary difference between an ATM machine and an electronic voting machine lies in the anonymous nature of voting. ATM transactions are keyed to people, electronic voting records are not --thus the need for a voter-verified paper trail.

What do we need to ask for?

Voter verified paper trails that are human readable, serial in nature and easily handled / processed for recounts. Flimsy, thermal rolls that can discolor from improper storage and or handling won't cut it.

Audits at the precinct level. These can catch abnormalities easily and quickly before too much damage is done. Use the paper record to verify issues and act accordingly.

Strong exit polling. Notice how that is being downplayed now? The reason is simple. In 2004, the exit polls did not jive with the voting records, yet we have been exit polling for a good long time. The differences did not appear in this way until the advent of the electronic machines.

Legislation that reinfo

Tamper seal??

[Midnight+Thunder]

Given taxi meters and electricity meters both have tamper seals, you would have thought that these would have visible tamper seals as well. If in doubt you could even have two tamper seals: one from Diebold and another from the voting commission, in order to ensure that both parties are satisfied with the state of the machine.

Re:democracy

[pe1chl]

The difference is that with a paper voting system there are a lot of participants. For election fraud you need very many persons to know and participate.
With electronic systems, it is possible to modify something in the sofware with only very few people knowing and participating, and still have influence on the end result.

It is of course much easier to have 3-10 persons work with you, than 10.000

Las Vegas Slots

[Sqreater]

All this has been addressed by the suppliers of Las Vegas casino slot machines. Why not just use them to build the machines?

The fix is already in

[GodfatherofSoul]

This shouldn't be news to Americans. If you've paid attention to the antics in the last 3 election cycles and the discrepancies between exit polling and actual results, you'd know what's going on. Same thing just happened in Mexico. Expect it to happen here in November. Democrats leading in races by 5% or so, then a miraculous Republican turnout (contradicted by all polls) will maintain their majority. Anyone who protests the results or points out election day shennanigans will be ostracized by the "liberal" media as a whiney sore loser. Welcome to Oceania.

Why Automated Voting Machines Anyway

[Maclir]

Now, is there a single convincing reason why the simplest, most secure and easily verifiable system - paper ballots - aren't used? Why all the machines? Lever, butterfly ballots, electronic... What problem is it that these systems are meant to solve?

I suspect it is a combination of "We want some result in an hour or two - we are too impatient to wait for it to be counted properly" and "We want a system that we can manipulate without any audit trails."

Re:Diebold lobbied slashdot...

[cmbondi]

These are not flaws, this is intentional and is part of the process of how the criminals in the white house got there and are able to stay there. Democracy ended in this country over 6 years ago.

A Depressing Comparison

[PunkXRock]

Here's a depressing comparison, showing the rules surrounding slot machines in Vegas vs. voting machines:

Vegas vs. Electronic Voting Machines

Re:This is NOT a reason to register absentee

[JDAustin]

I suggest you take a look at the research into the recent Washington state elections done by SoundPolitics.com. They verified close to a 20% error rate in absentee balloting. The signature verification on absentee balloting is no verification at all due to non-verification being done by those who count the ballots. Additionally, the USPS is not a trusted source, they are just another government beuacracy. The ballots themselves cannot necessarly be traced nor verified and even when the signatures are completly different, they are still counted. Due to the nature of voter rolls, duplicate ballots are sent out all the time due to slight variation in a persons name and the duplicate ballots counts are not caught until after the final tally has been done and the election finished. Finally, mischivious gov officials can always delay sending the military their ballots so those serving overseas do not have time to get their vote in on time. This actually happened in 2004 in Washington state.

Permanent absentee is not the solution. Neither is electronic voting.

The true solution takes elements of the recent Mexican election to prevent fraud (voter id cards, thumb inking, precinct based monitoring and tallying) and combine them with the best paper based voting machine.

Re:Diebold lobbied slashdot...

[rworne]

Your number is a bit low. It's more likely Democracy ended when the people running the country stopped being called "Statesmen" and became "Politicians".

BTW: The mod war on the above post should prove interesting.

Re: the other party

[scheming+daemons]

Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)

1968 Democrats?

If the Democrats rigged the 1968 election, they don't deserve to hold office. Richard Nixon, Republican, won the 1968 election.

Re:Voting in the USA

[geek2k5]

I would say that Diebold is competent enough to create a secure voting machine that would take a high level of expertise to spoof. Unfortunately, almost by definition, Diebold would be competent enough to create a spoofable voting machine that could be programmed remotely and capable of 'fixing' elections. The opportunity exists, even if the company, or even renegade employees of the company, don't do it. I will assume that they are innocent until proven guilty in a court of law. But I sometimes wonder, because they would be in a perfect position to affect critical elections. Political power can be tempting.

Re:Election Fraud and Diebold

[homer_ca]

In the case of a hand counted paper ballot, all that is neccesary to commit fraud is a switch of the actual ballots prior to the tally. With the TSx machine (with the attached printer) the audit log of the election (including timestamps and actual votes cast) is present in 3 locations (the actual voting machine, the memory card, and the written record). In order to withstand an audit, all three of these items must be altered to perfectly match the result whereas with paper ballots there is only one record that must be altered.

While it's obviously true that the machines could be programmed in advance to fix an election, keep in mind that voter registration is a completely different process from the actual vote tallying, and that voter turnout is still done by hand. In order for the electronic record to be altered, it would have to be done in such a way as to mirror the actual voter turnout PER POLLING LOCATION, a number which is independant of the voting machines and in any jurisdiction of consequence this number would be effectively impossible to predict. In the case of hand count you need only have a total number of ballots cast as there is no tracking of the votes per polling location whereas with the voting machines this record is kept in each machine.

That may be true, but it only protects against vote stuffing, not vote flipping. By vote stuffing, I would include overwriting the database with a new file. Malicious code could contain an algorithm to flip a small percentage of votes while they're being cast. In that case, the total number of votes in the machines will equal the number of voters who signed in with the pollworkers. A VVAT will protect against that though, if the paper receipts are actually audited.

You are correct about process and oversight being more important than any technical vulnerabilities.

Slot machine standards are much tighter

[Animats]

The Nevada Gaming Control Board has technical standards for slot machines. They've had enough fraud over the years that they know what has to be done. Some highlights:

• ... must resist forced illegal entry and must retain evidence of any entry until properly cleared or until a new play is initiated. A gaming device must have a protective cover over the circuit boards that contain programs and circuitry used in the random selection process and control of the gaming device, including any electrically alterable program storage media. The cover must be designed to permit installation of a security locking mechanism by the manufacturer or end user of the gaming device.
• ... must exhibit total immunity to human body electrostatic discharges on all player-exposed areas. ... A gaming device may exhibit temporary disruption when subjected to electrostatic discharges of 20,000 to 27,000 volts DC ... but must exhibit a capacity to recover and complete an interrupted play without loss or corruption of any stored or displayed information and without component failure. ... Gaming device power supply filtering must be sufficient to prevent disruption of the device by repeated switching on and off of the AC power. ... must be impervious to influences from outside the device, including, but not limited to, electro-magnetic interference, electro-static interference, and radio frequency interference.
• All gaming devices which have control programs residing in one or more Conventional ROM Devices must employ a mechanism approved by the chairman to verify control programs and data. The mechanism used must detect at least 99.99 percent of all possible media failures. If these programs and data are to operate out of volatile RAM, the program that loads the RAM must reside on and operate from a Conventional ROM Device.
• All gaming devices having control programs or data stored on memory devices other than Conventional ROM Devices must:
  (a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman.

  (b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found.
  (c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information.
  (d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Con

Are you serious?

[TamMan2000]

Paper trails are just as susceptible to fraud as electronic systems.

Do you actually believe that or are you just playing devils advocate?

The only measure in which that can be accurate is the binary "Is fraud possible?" measure, any measure which takes into account degree of susceptibility, paper is the hands down winner.. Just for starters, we have experience investigating paper trails. There is physical evidence left behind when a paper trail is tampered with. Tampering with the paper trial necessarily require physical access. The list of ways in which paper is demonstrably superior goes on, and on...

Re:Election Fraud and Diebold

[amper]

You seem to have put at least *some* thought into the issue, but I can easily envision scenarios by which the points you made in your post would be effectively irrelevant. I will present one such scenario, briefly, here.

First of all, I would would like to say, as an aside, that the United States of America is not, and has never been, a "democracy". It is, in fact, a federal republic. Although this idea may seem to many to somewhat irrelevant to the topic of election fraud, it is relevant in that the federal system, in and of itself, provides easy paths to successful tampering of election results, particularly for the Republican/Conservative faction. The fact that the country has long been divided between relatively conservative rural districts/states, and relatively liberal urban areas is a side effect of the federal system that reinforces this possibility. Also of note is the electoral college, which ensures vastly greater proportional representation for those rural constituencies.

The mechanism I will describe *could* be used by either Party, but the real makeup of the country makes this mechanism far more effective in practice for the GOP.

Now, your assertion that election results, if tampered with, would need to effective mirror the actual voter turnout is not particularly relevant. The actual total number of votes cast is not in question--what *is* in question is the content of the individual votes, themselves.

Say, for example, I was a Republican sympathizer in the last two US Presidential elections, and I had a desire to attempt to tamper with the reported results in order to ensure victory for my Party. What I would do is not to attempt to disenfranchise liberal/Democratic voters in urban areas, but boost the tabulation of conservative/Republican votes in rural districts. Remember that by changing one vote, the effect in the tabulation is effectively doubled, assuming the total number of votes cast does not change. It is highly likely that in a district that has traditionally heavily favored Republican candidates, a slight reduction of Democratic votes and corresponding slight increase in Republican votes will go entirely unnoticed, especially in an environment where extreme partisanism has resulted in somewhat increased turnout for the Republican faction.

Given that there are many more rural conservative districts than liberal urban districts, such a slight change would be compounded by that number of districts where it would be possible to effect that change such that the overall results for any particular state could be changed dramatically. This mechanism would also be most effective in states such as Pennsylvania, Ohio, and Florida, where the balance, in terms of overall numbers of voters on either side of the aisle is close. Such an effect could easily swing one of these states to one side or the other. Although Ohio received the bulk of the scrutiny in the 2004 election, it is worth mentioning that Pennsylvania was decided by a smaller margin than Ohio.

The election machines used thus far have no *voter verifiable* paper trail, even, as far as I have been able to determine, the TSx series. A paper trail seems to be kept with these machines, but as it is not voter verifiable, it is as easily modified as the results stored in memory. Again, the actual number of changed votes in any particular district could and probably would, be statistically small in relation to the overall number of votes cast.

Even an incompetent programmer would have no trouble writing a routine to accomplish such an end, and the only point of intrusion required is before the point of delivery of the machines to the local election commission. Of course, as we have seen in past elections, the possible points of intrusion are many and varied.

I do agree with you, however, that it is the process that is mostly at fault, rather than the individual technologies.

Re:Diebold lobbied slashdot...

[kimvette]

No, it ended when only a minority of citizens bothered to register to vote, and only a minority of those actually bother to vote.

Re:Diebold lobbied slashdot...

[apotheon]

I'm a little mystified by the common belief that more idiots voting will fix anything. The problem isn't a low voter turnout: it's a low incidence of self-education about politics, and a low incidence of the ability to reason clearly, that is the problem with the US electorate.

Re:Diebold lobbied slashdot...

[sgt_doom]

To stick with historical consistency, it also worked for Nixon in that same election in the states of Virginia and South Carolina, which was why Nixon never contested the election.

But this bunch has taken it to entirely new levels --- and again, the US Constitution states that a close election will be decided by the House of Representatives, while the Supreme Court did decide the 2000 election in a most unconstitutional manner.

Re:Interesting Testimony, but flawed logic

[sim82]

He said that exit polling data should not be significantly different. There is a whole discipline in mathematics called 'statistics' that deal quite a lot with this thing called 'significance'. You can calculate how big the difference can get until it gets extremely unlikely that it occurred by chance.

Re:Diebold lobbied slashdot...

[confusednoise]

The follow-up line there is equally excellent:

Opus: Lord knows we need more statesmen...

No.

[raehl]

ATM's have had years to go through many iterations to get to a "secure" and "reliable" system (that even then can have anomolies)?

It's because if your ATM isn't secure, nobody will buy it, because they won't want to lose their money. If your voting machine isn't secure, the state government will buy it anyway.

Re:Time for drastic action soon?

[unitron]

"...until there is real fraud, in a real election, nothing is going to change."

I'd be flabbergasted if there hadn't already been. Until real fraud in a real election is detected and proven, nothing is likely to change.

C'mon /., let's talk tech

[Soong]

I am a software engineer on emebedded systems. I see a lot of boards like this.

The ability to boot from different sources is a normal debugging feature, not in itself sinister. Should they have cleaned that up on the production model? Yeah, sure. But verifiability is ultimately a human concern anyway, not a tech one.

It all comes down to who you trust.

If you don't trust the polling place, make the voting machine tamper proof.
But then you have to trust the guy who built the voting machine.
You have to trust the guy who loaded the software on it at the factory or the elections office.
You have to trust the guy who wrote the code. Even if you inspected the code, you have to trust him to give you a binary based on that and not pull a fast one.
You have to trust his compiler to give him a binary without compiled in back doors.
I feel like I probably haven't listed all the points where this voting machine chain of trust can break down.

On top of all that, voting machines are not cost effective vs hand counted paper ballots. So, I advocate for no voting machines.