Slashdot Mirror
Worst Ever Security Flaw in Diebold Voting Machine
WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."
Nothing for you to see here. Please move along
That's exactly what Diebold wants you to think...
You'd think in this day and age we'd have some idea of how to create a secure voting system. Unfortunately it doesn't seem like much of a concern to the politicians. They assume computers are more secure than paper because they don't understand them. Nevermind all the computer scientists warning about the pitfalls of electronic voting. Let's just trust this Diebold sales guy over here! We know he's telling the truth because of the billion dollar contract!
Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.
I attribute most of these errors to poor design, not anything intentional. Personally I like the old fashioned lever machines my district uses. It is very hard to hack those, I hear. Unlike computers and paper cards, you never hear bad things spoken about lever voting machines.
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
Electronic voting machines with no paper trail are an insult to democracy. That they come with switches to bypass even the dubious "safeguards" provided is hardly a surprise.
My blog
a Diebold AccuVote...
At least their marketing department has a sense of humor.
Developers: We can use your help.
When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.
You better watch out, there may be dogs about . .
Thank you, thank you! I'll be here all week. Try the veal!
There are many good reasons to switch to American Idol call-in voting.
1. They still have the electoral college, so it's not like a spam vote will elect the "wrong" candidate.
2. Since the NSA monitors all phone calls, they could track cheaters really easily, compared with this mess we have now.
3. Way more voter participation, you don't have to go anywhere, you just call in with your social or something, etc.
stuff |
is if a Libertarian or Green Party candidate wins....
Taking guns away from the 99% gives the 1% 100% of the power.
how will that ever happen WITH these flaws already in place? Diebold machines have been used numerous times already...
I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
This is Diebold. Mirror early, mirror often. They love to sue critics like these. Wget may be the only way to save history.
Any company with devotion to a fair and secure voting system would not make such an obvious oversight. If it was in fact an oversight, it shows that Diebold is far too incompetent to be creating voting machines. You would also think that a company in charge of something so important wouldn't show blatant partisanship either. Why are they still employed?
Similes are like metaphors
About the only way a Libertarian, Green Party, or even Democratic candiate will win will be if they ever fix these things!
Jeremy
I thought the biggest flaw was their certification by states for use in actual elections.
--
make install -not war
The AcuuVote machines are what they are, not due to poor design or unintentional mistake. They are the result of a deliberate intent to enable fraud on a massive scale. Viewed from this perspective, the AccuVote design is very good. The real problem comes when Diebold realizes that it needs to become better at obfuscation and makes it harder to detect the fraud.
Sorry, I have never seen the point of these machines. Paper ballots are auditable, user friendly, and if electronics is put into the reporting system, can be counted in a few minutes and submitted. Voting machine are a perfect example of a technology fetish at work. It would make an interesting case study to examine the economic and sociological reasones why we sometimes buy technology that we don't need, don't want and further, serves no useful purpose.
Has anyone answered the question regarding need for automated vote counting in a satisfactory way?
Seems to me that manual counting of votes would be vastly more secure as it would take a huge conspiracy to affect the result either way.
Counting a hundered million votes is hard, counting a thousand votes in a hundered thousand locations is easy.
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
This article is a little high on the hype. The general rule is that if you have physical access to any computer system you can compromize its security.
Don't you think that a flaw that would allow people to vote multiple times or a flaw in the security by which the voting machine uploads results to the central server or flaws in the central server itself are worse than this.
Gee, we have physical access to the guts of a machine and we can do things to it. I'm not terribly impressed.
I don't see how this is the "biggest security flaw ever discovered. Any system will have some method of flashing new code if you have access to the hardware, and while this makes it a little easier, it is not as big of a deal as they make it out to be. After you verify that the system has the correct (independently audited) code loaded into it, you put a tamper-proof sticker on the case, and call it good.
This is nowhere near as bad as the bugs that allowed exploits though the normal user interface, or the fact that the way the votes are stored allows easy tampering by election officials, or the fact that there is no way to recount or verify that the recorded votes are correct.
This is something that can be improved upon, but it isn't a fatal flaw and certainly not one of the main reasons that Diebold machines should be banned.
Not to pick nits here, but whether or not a voting machine is trustworthy is a boolean variable. Either it's trustworthy, or it is not (and therefore worthless).
As far as I'm concerned, every election using any machine found to be compromisable should be invalidated, and a paper ballot revote should be held.
If you don't trust $[POLITICALPARTY] with your democracy, why should you trust the men behind the curtain?
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
more aggressive on this issue.
Electronic Voting machines are not a trustworthy technology. They can be made reasonably trustworthy, but only with significant and constant public involvement and oversight. The core element to this happens to be our requirement of anonyminity for our votes. Being unable to link votes to voters means we must then capture the actual votes themselves if we are to be sure the election is just and true.
Roughly 80 percent of Americans will be using these machines in the coming elections. That should scare the tar out of every one of you, regardless of your political bent.
In 2004, this number was about 30 percent and the problems were so great, we really have no assurance our election results actually reflect the will of the American people, whatever that may be.
Think of it this way. Let's say I'm the voting machine counting votes. You tell me what your vote is, and I update my mental count. Can you see that I updated the count correctly? I could report your vote back to you correctly, yet still maintain a different internal count. There is no way to really know is there? That's the problem we face with electronic votes.
The votes are encoded into states stored on devices nobody can directly observe, other than via the proxy of other electronic technology. Essentially, we are voting by proxy when we vote electronically. Without an accounting in the form of a serial voter-verified paper record, or the use of vote storage that is both human and machine readable, we cannot oversee the election results in a manner that brings confidence to the whole affair.
These machines are general purpose computers for the most part. We all know how easily these things are tinkered with because it's what most of us do! Biggest problems are:
-no direct accountability on elections officials to actually hold a just and true election. Technology can and will be blamed for problems, leaving these folks off the hook for failed / unjust elections. Not good. Where the incentive for corruption and manupulation exists, you can bet it's happening. There is too much at stake for it to be otherwise.
-poor understanding of the core technology differences between paper voting and electronic voting. I summarized it above and have a longer, easy to understand, paper here. Mail it to your legislators along with a request for their position on the matter. If you do the mailing, please also do the request. That forces a response, which helps increase the overall perception of the importance of the issue. http://www.opednews.com/dingusDoug_112604_electron ic_voting.htm
Said poor understanding extends to all of us really, legislators and citizens alike. Too many people consider electronic data processing systems as being better than they actually are. Consider this: If they are so infallable, why do ATM machines deliver receipts? Also, be careful about ATM comparisons. The primary difference between an ATM machine and an electronic voting machine lies in the anonymous nature of voting. ATM transactions are keyed to people, electronic voting records are not --thus the need for a voter-verified paper trail.
What do we need to ask for?
Voter verified paper trails that are human readable, serial in nature and easily handled / processed for recounts. Flimsy, thermal rolls that can discolor from improper storage and or handling won't cut it.
Audits at the precinct level. These can catch abnormalities easily and quickly before too much damage is done. Use the paper record to verify issues and act accordingly.
Strong exit polling. Notice how that is being downplayed now? The reason is simple. In 2004, the exit polls did not jive with the voting records, yet we have been exit polling for a good long time. The differences did not appear in this way until the advent of the electronic machines.
Legislation that reinfo
Blogging because I can...
The government being of, for, and by the people, each ballot cast in a public election for federal office shall produce a physical ballot able to be read and counted by a human unaided by electronic computer.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
Not so sure about that. Here in Maryland, our (Republican) governor budgeted $20,000,000 to allow us to use paper ballots instead of the Diebold crap -- and he was shot down by our State Senate (democrat)and prinicpally by our State Administrator of Elections, who claimed that going back to old-style ballots would "stifle development."
I'm sure you can find the parties flip-flopped in other states. The point is that if a) people actually gave a shit and b) people really understood the issue instead of blindly assuming "computer = good, paper = bad," any cronyist jackass who supported Diebold would get booted stratight out of office next election -- assuming their evil scheme hadn't yet been implemented. ;-)
Even if diebold took out all of the headers to put a different ROM in there, and make damn sure you couldn't connect to it externally, there are still many attack vectors.
* From the article:
So... you can connect an external eeprom that runs your own code within a few minutes. Fromt he above statement, the diebold protocol is pretty hard to crack, and writing your own firmware or such a board is verging on impossible.
Even if it were possible to write your own firmware, you would have the ability to flash the onboard eeprom just as quickly, or even do A quick solder job on the onboard chip, replacing it with your own. I know this is a little harder, and more likely to get get caught out with, but given the possibility of writing a working firmware, it's in a similar scope of difficulty.
Considering you can desolder a 16 pin EEPROM within seconds, or just as easily hijack it's communication interface (probably just I2C) it's not unreasonable that there are going to be lots of flaws in this system. If one were determined enough, you could hack the machines to high heaven, with the further possibility of no forensic traces.
There are other fundamental problems with this argument too, like what happens with the data logging internally whilst running off the eeprom. You would have very accurate firmware to get anything like a good result.
Also I would imagine these machines have internal software auditing to make sure that an reboot/reload of application code is registered. Cryto signatures etc.
There will be no way to make these things so secure that "Open Voting Foundation" will be entirely happy. They would be out of jobs that way.
Signature v3.0, now with 42% less memory usage.
Of course not. Banks are very insistent that their ATMs report withdrawals accurately. Money is important. Votes, though... I mean, what's the worst that can happen if you miscount votes slightly? You'd only end up with Kodos instead.
Real Daleks don't climb stairs - they level the building.
Given taxi meters and electricity meters both have tamper seals, you would have thought that these would have visible tamper seals as well. If in doubt you could even have two tamper seals: one from Diebold and another from the voting commission, in order to ensure that both parties are satisfied with the state of the machine.
Jumpstart the tartan drive.
It actually a bit of a paradox. By implementing better obfuscation, the code becomes unreadable, and therefore cannot be certified as being accurate.
Maybe the solution is to take it to a higher level and reinvent the wheel, so to speak.
Design it from the ground up. Special use processors, memory, OS, communications protocols. Redesign everything from scratch. Make it completely unique.
If it doesn't run code that works on ANY other platform, then no one outside the company can write code for it. (Unless there's a leak, and then the redesign process begins again.)
20 Amazing Facts About Voting in the USA
Everyone who says that Diebold is too incompetent to create a secure voting maschine is following the wrong trail.
I have designed a Direct Recording Mechanical vote recording, anonymising and counting machine. It uses no electronics. It can be scrutinised right up until it is required for an election. You can see your vote going through.
The machine is based around mechanical, add-only tally counters. A column of these are mounted in a transparent polycarbonate housing, one for each candidate and an extra counter for total votes. The candidate counters are surrounded by etched plastic which transmits light but prevents anyone seeing exactly what is behind it. Over each counter except the total counter is a shutter, and a large button. Depressing the button retracts the shutter. If the button is released it will return partway, but the shutter will remain retracted and all the other buttons are now locked: the only way to clear the machine is to depress the button fully. This will advance the adjacent counter and, by means of a slotted bar linkage (which is visible through the clear polycarbonate), also advance the total votes counter. After this, the machine must be primed for another vote by the Presiding Officer: this would probably be done remotely by means of a Bowden cable.
These machines could be made available for scrutiny almost right up to the election. Anyone can observe that the system allows only one vote per priming operation, that the candidate and total vote counters advance together, and that no other counters are advanced. (For this operation, the shutter mechanism can be modified by removing the actual shutter from the moveable supports; thus allowing full observation of all counters. In an election situation we do not really want to give away the number of votes for each candidate so far, so all but the one being voted for are obscured. The etched plastic nonetheless would allow one to see the counter changing even if one could not see what it changed from or to.) At the opening of polling, the numbers on each of the counters are recorded, signed by witnesses, sealed in an envelope and attached to the machine. At the close of polling, all shutters are retracted to read the figures. The original figures are subtracted from the new figures to give the numbers of votes, which can be checked against the total.
Note there is no possibility of post-election verification; since anonymisation, recording and counting are done in one operation. This also obviates any need for post-election verification, since one can be satisfied from having examined the machine before an election that it functions as intended and only as intended. A number of people working in concert might be able to discern an approximate result, but this IMHO is much less insecure than e.g. issuing voters with a record of their vote.
Je fume. Tu fumes. Nous fûmes!
The difference is that with a paper voting system there are a lot of participants. For election fraud you need very many persons to know and participate.
With electronic systems, it is possible to modify something in the sofware with only very few people knowing and participating, and still have influence on the end result.
It is of course much easier to have 3-10 persons work with you, than 10.000
All this has been addressed by the suppliers of Las Vegas casino slot machines. Why not just use them to build the machines?
E Proelio Veritas.
In 2003 Walden O'Dell CEO of Diebold said in a letter to Ohio Republican officials that he was "committed to helping Ohio deliver its electoral votes to the President". http://en.wikipedia.org/wiki/2004_U.S._presidentia l_election_controversy,_voting_machines
Of course, no matter what line of work you're in you have a right to support whoever you wish, but as the head of a company in charge of making voting machines, it may be in your best interest to appear bipartisan. Stupid stupid stupid...
Similes are like metaphors
You must never be impressed. How can we have a secure election if nobody can physically access the machines? If thats not what you want, we will never have a secure election. I can accept that, but what I can't accept is a private corporation exerting its influence on the election process by directly affecting the machines that count our votes.
This is "impressive" because it shows either incompetence or bad intent. Sure physical access can mean compromising a computer, but that doesn't mean you have to make it EASY or efficient for your corporation to defraud elections.
"how can they call it a MINE if everything here is THEIRS?!?!" -Straight Jacket
This shouldn't be news to Americans. If you've paid attention to the antics in the last 3 election cycles and the discrepancies between exit polling and actual results, you'd know what's going on. Same thing just happened in Mexico. Expect it to happen here in November. Democrats leading in races by 5% or so, then a miraculous Republican turnout (contradicted by all polls) will maintain their majority. Anyone who protests the results or points out election day shennanigans will be ostracized by the "liberal" media as a whiney sore loser. Welcome to Oceania.
I swear to God...I swear to God! That is NOT how you treat your human!
Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)
You better watch out, there may be dogs about . .
It won't be long before someone finds a while to build a targeted virus for these machines that changes the counters on that machine and all other machines it can reach on the network. And I won't be surprised when it's as simple as inserting one of those cards in the front of the machine and is done while the hacker is given privacy to cast their vote. The only question is if someone is good enough to do that, will we be good enough to find out, especially if the virus/worm is only memory resident so there aren't any traces.
...and the lack thereof is what really sickens me.
You can't ever trust a computer, no matter what, ESPECIALLY in such an important thing as a governmental election. We *need* checks and balances.
1) Vote with electronic voting machines.
2) Receive a paper reciept with a 'checksum' of sorts that add up to your specific votes (this is the only pitfall right now, since obviously printing a paper reciept is WAY too complex to code by Diebold programmers)
3) Submit your checksum to any number of third party, independent voting "Check & Balance" websites. These sites can independently tally votes from citizens in each voting district, and if descrepencies occur between the official count and any number of these sites, secondary validation routines/alerts can occur.
Why would this be such a hard solution? I'm sure any number of you can code a simple database/website that tallies citizens' votes. I'll do the hosting for free.
Let's open source this muther f*cker, whether they like it or not!
It is pitch black. You are likely to be eaten by a grue.
Now, is there a single convincing reason why the simplest, most secure and easily verifiable system - paper ballots - aren't used? Why all the machines? Lever, butterfly ballots, electronic... What problem is it that these systems are meant to solve?
I suspect it is a combination of "We want some result in an hour or two - we are too impatient to wait for it to be counted properly" and "We want a system that we can manipulate without any audit trails."
>Perhaps if it was rigged so that "Mickey Mouse" wins, someone would see the light.
It was, he did. You might know him as George though.
I want a list of atrocities done in your name - Recoil
I wondered if there was a petition related to this online and found it at http://www.petitiononline.com/boycottd/petition.ht ml. I don't know when it was created but so far only about 230 people have "signed" it.
Because absentee voters get a paper ballot that is not only delivered by a trusted source - the US Post Office - who have a verified date/time stamp - and that the ballots can be audited, traced, and verified - now THAT is a reason to register permanent absentee.
Today.
-- Tigger warning: This post may contain tiggers! --
The biggest security flaw is the fact that the machine doesn't check for US citizenship before allowing someone to vote.
If you can't do it on paper, how do you expect the machine to work?
Fix the problems with the paper, then develop the machine.
Here's a depressing comparison, showing the rules surrounding slot machines in Vegas vs. voting machines:
Vegas vs. Electronic Voting Machines
1968 Democrats?
If the Democrats rigged the 1968 election, they don't deserve to hold office. Richard Nixon, Republican, won the 1968 election.
"I have as much authority as the pope, I just
don't have as many people who believe it" - George Carlin
That may be true, but it only protects against vote stuffing, not vote flipping. By vote stuffing, I would include overwriting the database with a new file. Malicious code could contain an algorithm to flip a small percentage of votes while they're being cast. In that case, the total number of votes in the machines will equal the number of voters who signed in with the pollworkers. A VVAT will protect against that though, if the paper receipts are actually audited.
You are correct about process and oversight being more important than any technical vulnerabilities.
I think it's of great concern which party it is: since Diebold and the other big supplier of voting machines (whose name eludes me for the moment, but is owned in part by Republican Senator Hagel) are run by major donors of the Republican party. It's a very relevant concern.
(btw: I think you're talking about 1962 Democrats...but then again, the topic is voting technology and not alleged vote dumping in Lake Michigan)
1968 was the Democratic Convention riots, IIRC. (which, quite obviously, maybe I don't)
You better watch out, there may be dogs about . .
The Nevada Gaming Control Board has technical standards for slot machines. They've had enough fraud over the years that they know what has to be done. Some highlights:
(a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman.
(b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found.
(c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information.
(d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Con
Paper trails are just as susceptible to fraud as electronic systems.
Do you actually believe that or are you just playing devils advocate?
The only measure in which that can be accurate is the binary "Is fraud possible?" measure, any measure which takes into account degree of susceptibility, paper is the hands down winner.. Just for starters, we have experience investigating paper trails. There is physical evidence left behind when a paper trail is tampered with. Tampering with the paper trial necessarily require physical access. The list of ways in which paper is demonstrably superior goes on, and on...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Oh it is worse than that...
In August 2003, Walden O'Dell, chief executive of Diebold, announced that he had been a top fund-raiser for President George W. Bush and had sent a get-out-the-funds letter to Ohio Republicans. In the letters he says he is "committed to helping Ohio deliver its electoral votes to the president next year."
Ken Blackwell (Ohio's Secretary of State (Repub)) and current canidate for Ohio Gov is the one who certifies Ohio's elections, and is the one who approved the use of Diebold's machines.
Ohio State Senator Jeff Jacobson, Republican, asked Blackwell in July, 2003 to disqualify Diebold Election Systems' bid to supply voting machines for the state, after security problems were discovered in its software, but was refused.
When Cuyahoga county's primary was held on May 2, 2006, officials ordered the hand-counting of more than 18,000 paper ballots after Diebold's new optical scan machines produced inconsistent tabulations, leaving several local races in limbo for days and eventually resulting in a reversal of the outcome of one race for state representative. Blackwell ordered an investigation by the Cuyahoga County Board of Elections; Ohio Democrats demanded that Blackwell, who is also the Republican gubernatorial candidate in this election, recuse himself from the investigation due to conflicts of interest, but Blackwell has not done so.
DJMD - The fourth man - Planetary
You seem to have put at least *some* thought into the issue, but I can easily envision scenarios by which the points you made in your post would be effectively irrelevant. I will present one such scenario, briefly, here.
First of all, I would would like to say, as an aside, that the United States of America is not, and has never been, a "democracy". It is, in fact, a federal republic. Although this idea may seem to many to somewhat irrelevant to the topic of election fraud, it is relevant in that the federal system, in and of itself, provides easy paths to successful tampering of election results, particularly for the Republican/Conservative faction. The fact that the country has long been divided between relatively conservative rural districts/states, and relatively liberal urban areas is a side effect of the federal system that reinforces this possibility. Also of note is the electoral college, which ensures vastly greater proportional representation for those rural constituencies.
The mechanism I will describe *could* be used by either Party, but the real makeup of the country makes this mechanism far more effective in practice for the GOP.
Now, your assertion that election results, if tampered with, would need to effective mirror the actual voter turnout is not particularly relevant. The actual total number of votes cast is not in question--what *is* in question is the content of the individual votes, themselves.
Say, for example, I was a Republican sympathizer in the last two US Presidential elections, and I had a desire to attempt to tamper with the reported results in order to ensure victory for my Party. What I would do is not to attempt to disenfranchise liberal/Democratic voters in urban areas, but boost the tabulation of conservative/Republican votes in rural districts. Remember that by changing one vote, the effect in the tabulation is effectively doubled, assuming the total number of votes cast does not change. It is highly likely that in a district that has traditionally heavily favored Republican candidates, a slight reduction of Democratic votes and corresponding slight increase in Republican votes will go entirely unnoticed, especially in an environment where extreme partisanism has resulted in somewhat increased turnout for the Republican faction.
Given that there are many more rural conservative districts than liberal urban districts, such a slight change would be compounded by that number of districts where it would be possible to effect that change such that the overall results for any particular state could be changed dramatically. This mechanism would also be most effective in states such as Pennsylvania, Ohio, and Florida, where the balance, in terms of overall numbers of voters on either side of the aisle is close. Such an effect could easily swing one of these states to one side or the other. Although Ohio received the bulk of the scrutiny in the 2004 election, it is worth mentioning that Pennsylvania was decided by a smaller margin than Ohio.
The election machines used thus far have no *voter verifiable* paper trail, even, as far as I have been able to determine, the TSx series. A paper trail seems to be kept with these machines, but as it is not voter verifiable, it is as easily modified as the results stored in memory. Again, the actual number of changed votes in any particular district could and probably would, be statistically small in relation to the overall number of votes cast.
Even an incompetent programmer would have no trouble writing a routine to accomplish such an end, and the only point of intrusion required is before the point of delivery of the machines to the local election commission. Of course, as we have seen in past elections, the possible points of intrusion are many and varied.
I do agree with you, however, that it is the process that is mostly at fault, rather than the individual technologies.
Not requiring voters to show official picture ID.
Actually, Diebold's ATMs aren't nearly as reliable as people think. I actually saw and played with an ATM at Carnegie Mellon University which crashed and rebooted into XP... people had it running Media Player until some sleep-deprived kids taking OS couldn't take it any more. Some pictures here.
It really seems like nothing short of a massively-publicized fraud is going to stop the juggernaut that is Diebold right now. There have been enough vulnerabilities reported, and no action has been taken. It's becoming more and more obvious that until Something Bad happens to a production system -- not a test system, not a "simulated election," until there is real fraud, in a real election, nothing is going to change.
Given that voting is pretty much the most fundamental part of democracy and a free society, maybe we're approaching the point where some sort of "direct action" is going to be required.
Think of it like a bomb that has to be defused; sometimes you need to make the bomb blow up in a controlled manner, in order to keep it from going off at some less convenient time when it would be more damaging.
The only way that Congress is ever going to wake up to the threat that these Diebold machines represent is when there's a major election fraud perpetrated in some painfully obvious way. I know I'm going to sound extreme here, but maybe what's going to be required is for somebody to purposely invalidate an election; delete all the votes from several polling places and replace them with votes for "Santa Claus" or something -- be creative. Or just brick the machines at the very beginning of a voting day; I can't imagine that anything the Diebold salespeople do will be able to preserve their reputation in the face of that level of chaos.
I understand that this path is quite a dangerous one to go down, in fact a person being caught doing it in today's climate would probably run the risk of being labeled a 'terrorist' or worse. However, right now we're heading straight for an iceberg labeled "election fraud" and it's becoming obvious that the American Public in general and Congress in particular is planning on sitting with their thumbs in their ears until we run straight into it.
Just food for thought.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
More Diebold Voting Machine Fun
s installs
YMMV
http://www.votergate.tv/
http://www.equalccw.com/dieboldtestnotes.html
http://www.equalccw.com/dieboldtestnotes.html#gem
http://midnightspaghetti.com/newsDiebold.php
http://www.archive.org/details/TheCageBushKerry
hylas
~hylas
Nice to see that at least the people at Diebold know their Stalin. It's not the people who vote that count, it's who counts the votes.
At least by now it's not a matter of ruining your wrist by filling out a few million ballots just so you can get the vote you want. Gotta love technology. It makes things so much easier.
There is a flaw in this testimony. The programmer absolutely states that if exit polling data is different from the totals from the machine it means there has been tampering. You can't make that jump in logic.
Exit polling data has always been inconsistent in that the interviewer picks and chooses what they think is a sample which is representative of the majority. If they choose the wrong people that will affect the sample. And, depending on when the exit polling was done this will influence the exit polling. On any random day there has been statistical skew as to when liberals vote versus conservatives vote. If you end exit polling early on one site or start late on another site you can have exit polling different from what the actual totals are.
Quality Hosting e3 Servers
A couple years ago, I went to Fermilab to see a Chomsky talk. Kucinich bumper-stickers spread thine selves across the parking lot... Anyhow, someone there (I was in the overflow CCTV room) asked Mr. Chomsky what he thought of the electronic voting machines, paper trails, etc. mugging for a tirade about the death of democracy. His heavily paraphrased response:
Why are you worried about one side of the 'Business Party' playing with the margins? 50% of the eligable voters don't even bother. Further, abstension in U.S. elections occurs for the same reasons as abstensions occur everywhere else: there's no "None of the Above" box to punch. Fix that problem (which in practice prevents half of the populace from voting) before you get all worried about the one-half-of-one-percent that's being fudged.
Meh. I say we just use slot machines to vote. It's the perfect solution given that each administration is a gamble anyways.
*chug chug chug chug...chuck...clunk* WOOHOO! It said I voted for Party-X. That's right. Now that I think about it, I've ALWAYS wanted to vote for Party-X.
Life is not for the lazy.
ATM's have had years to go through many iterations to get to a "secure" and "reliable" system (that even then can have anomolies)?
It's because if your ATM isn't secure, nobody will buy it, because they won't want to lose their money. If your voting machine isn't secure, the state government will buy it anyway.
paintball
I am a software engineer on emebedded systems. I see a lot of boards like this.
The ability to boot from different sources is a normal debugging feature, not in itself sinister. Should they have cleaned that up on the production model? Yeah, sure. But verifiability is ultimately a human concern anyway, not a tech one.
It all comes down to who you trust.
If you don't trust the polling place, make the voting machine tamper proof.
But then you have to trust the guy who built the voting machine.
You have to trust the guy who loaded the software on it at the factory or the elections office.
You have to trust the guy who wrote the code. Even if you inspected the code, you have to trust him to give you a binary based on that and not pull a fast one.
You have to trust his compiler to give him a binary without compiled in back doors.
I feel like I probably haven't listed all the points where this voting machine chain of trust can break down.
On top of all that, voting machines are not cost effective vs hand counted paper ballots. So, I advocate for no voting machines.
Start Running Better Polls