Slashdot Mirror
The Diebold Voting-Machine Hack
Warm John writes to mention a short article on Doctor Dobbs Journal about the Hack that couldn't be done. "Hacking a Diebold voting machine was the focus of Cigital's Gary McGraw's keynote at SD Best Practices. He discussed 'Security Analysis of the Diebold AccuVote-TS Voting Machine,' a paper released by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy. 'The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.'"
I bet either someone is going to have 100% votes for Fred Flintstone, or someone is going to have a 60% write in for some person. Both of which could never happen and would do nothing except expose the voting machines as tamperable. I doubt someone is going to be smart enough to make the election look close, but vote for someone on the ballot. The only way a good ol conspiracy vote could happen is if the hacker got a load of money from a candidate. Well I guess that could happen.
God spoke to me.
This entire thing comes down to the ability to pick a lock so someone can replace the flash card. So why not put more secure locks on the devices? The paper ballots that we all love are also stored in locking containers, and as such are subject to the same fate as the Diebold tablets.
There are certain locks that are extremely difficult to pick... that's the solution.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
Why should the EVMs be that complex?
As complexity increases, chances of bugs/corruption etc increases.
Make it similar to the ones used in India/Brazil wherein it did its work without any hassles.
In my viewpoint-
The only issue with an EVM is the un-availability of a paper trail.
That can be easily taken care of. Once the person presses the vote button, let it print out a reciept (which the voter can look and make sure), which the person then deposit in a ballot box.
If issues of corruption occurs, we just have to count the reciepts. The reciept can be made in sucha a way that it is machine countable too.
Thus, the hassles of big ballots and manual counting can be taken out, and still we have the paper trail to use.
Or am I missing something?
rajmohan_h@yahoo.com
I've seen plenty of pro-Microsoft and pro-Diebold posts get modded up. All you have to do is have a clear point, and show it. You didn't manage that. You said the fraud happens, and it doesn't make a difference if we can trace it or not.
It does make a difference. With a punch card, or a paper ballot, or even a mechanical voting both anyone can trace when fraud has occured. And in those cases we implement some security, track where the fraud came from (if we can) and redo the election.
With the current generation of electronic voting machines, we can't do that. I don't care who makes a good machine, but Diebold hasn't made one. And they've defended that design as if they think it is a good machine. Geeks don't like people who pretend a bad design is a good design. We'll tear into them. If they routinely defend bad design by saying it is good design and overlooking what we think are obvious flaws we'll notice, and start to expect that. Until they change, a group that decides who they like on the technical ability of a company won't like them. They are lying about their technical quality; at least in our eyes.
I found the FAQ interesting. I liked the way they set the tenor of the questions, and included such things as "you weren't supposed to say anything about this!" The research seems pretty clear-cut, and the precautions that the researchers took appears to have been well thought out.
I hope that I underestimate the American people on this (including me), because the next tack that will be taken by Diebold will be, "Well, who in their right mind would want to tamper with an election? Calm down, citizens, this is just scaremongering by the right/left/pedestrians..." Once this is followed up with a suggestion that such might be "fomenting a panic designed to cause a breach of the peace," vague threats of arrest for those involved, and nothing changing.
Well, if nothing else, this voter's going to try his hand at absentee balloting this time around. Just in case...
Strike while the irony is hot! -- The Freethinker
Maybe this is an example of free market forces at work.
One customer wants a secure, hardened, auditable, time proven machine with a user verifiable paper trail.
The other doesn't need any of those features.
Therefore two entirely disparate product lines.
One is designed to protect $.
The other is designed to protect democracy.
Who will guard the guards?
it's called 'peer review' and in the science world it's not only expected but mandatory.
my question is this: has diebold's product undergone any sort of peer review? if it's important enough for someone studying the genetic inheretance of grey hair, it's important enough for someone entrusted with running an election for the most powerful person in the world, dontcha think?
2 1337 4 u!
Avi Ruben also has an interesting blog article on his experiences as a poll worker in the recent Maryland election.
Great minds think alike; fools seldom differ.
It seems to me that write once media could be a partial solution here- a multisession CDR running packet write software, can be analyzed just like paper- but compresses the information.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
The other funny thing about money and Diebolds in Utah is that because they are so expensive, some precincts have fewer voting machines than ever before.
http://www.kcpw.org/article/1719/
This sig is inappropriate in a post-9/11 world.
I'll get mod-bombed right back down to Good Karma for this- but I have to say that I'm not at all sure it didn't happen in Ohio and Florida in 2004. The exit poll numbers, which had previously been extremely accurate in just about every election I'd ever heard of, were way off in those two states on the Presidential race- but the numbers were close enough that everybody focused on recounts instead (where possible).
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
"Then I don't know what can. We need more information like this to come out because when dealing with elections, the last thing we need--but apparently the opposition wants--is for some kind of shennanigans elecing the wrong person."
I don't know why so many people act like it's unthinkable to discard a flawed election and start over with a new one. In the case of a presidential election, the term expires, the Speaker of the House takes over, and stays in charge until a president and vice president is elected. Alternatively, if the election in a state is flawed, then the legislature of that state still has authority to choose its electors by any means they can agree on, provided they are not further constrained by state laws.
This is far from unthinkable, it's actually spelled out in the Constitution.
-fb Everything not expressly forbidden is now mandatory.
How come no one seems to be asking the slot machine manufacturers to make voting machines? They deal with millions - or billions - of dollars a day and seem to be able to account for every single penny accurately. As an added bonus, all they'd really have to do is change the 7's to donkeys and jackpots to republicans... Pull the lever for your new rep! Seriously though - they're the people who should be making the machines...
Problem: open systems are not patentable/copyrightable/proprietary and hence competition can come up with alternatives that are cheaper.
Really, the exploitability is an afterthought (or is it?).
I don't know why so many people act like it's unthinkable to discard a flawed election and start over with a new one.
I don't know why so many people act like we need these guys anyway.
I bet we could go years without a congress or a president... just make most of thoes "appointments" civil service jobs (with the corresponding relatively low pay scale (when compared to what they actually get paid)) and move on.
We've been at this for more than 200 years... just how many freakin' laws do we need?
Let's take a bit of time off... have the Supreme court review EVERY law on the books (that'll keep 'em busy for a while) and get rid of everything that is unconstitutional.
Only after the pool is clean do we let the swimming begin again...
--Phillip
Can you say BIRTH TAX
I keep saying this but a lot of fools seem to think they really have a chance of changing things.
One of my votes since 1998 has mattered. ONE.
Even then, I was #31.
My district is so gerrymandered.
If I was a republican- my vote doesn't matter.
If I was a democrat- my vote doesn't matter.
And then on top of that- I only get to vote for candidates that were pre-selected for me by the party (aka corporations, lawyers, and politicians (who are beholden to the corporations) ).
Why vote when it is going to be 70/30 for a candidate already owned by corporations.
It is crazy. At least we still have relative freedom in obscurity about the other issues you mention. it may be illegal but apparently 4.7 % of boomers are doing pot these days.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
This entire thing comes down to the ability to pick a lock so someone can replace the flash card.
Now that we know the machine itself is virus-susceptable, the next steps are:
1) See if the smartcard reader code has a vulnerability. (Any bets on a buffer overflow bug?)
2) If so, design a virus that can do the initial infection via the smartcard slot.
Succeed at 2) and you can carry a bogus smartcard in, insert it while you "vote", and infect a voting machine. Since the machines are apparently capable of passing the infection during the post-election vote collection process, you can take over the precinct (either all the remaining machines or the one doing the totals) by infecting one voting machine.
Design the virus to self-destruct after doing its dirty work and you don't even leave tracks.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Absolutely.
What is the obsession with machine voting anyway? The only advantage seems to be counting speed. Since by the time all the ballots are in, counting speed makes ZERO difference to the outcome of a fair election, it's an irrelevancy - what's a few more hours against an elected term that will go on for years?
The absolute requirement for me is that your voting system be comprehensible and auditable by the common man. Because it concerns us all. The system with the widest comprehensibility is pencil and paper.
While pencil and paper isn't flawless, the key difference is that it's a system that a lot of people understand. Irregularities are far easier to recognise by the common man. With a machine system, only someone who understands the machine can spot the system being subverted.
Print ballots. With boxes on. You make a mark in the box, you voted for that person. No chads, no hanging. And anyone who can count can see that the right thing is done.
Sure, introduce machine systems to help make it harder to subvert the voter system. But the basic counting mechanism should be a wet thumb and a box of rubber bands.
>Diebold is well known for banking systems, including ATMs
Diebold ATM turned into jukebox
Diebold ATM infected with Welchia
I intentionally lie to exit pollers. I do so because I want to make the mainstream media look like idiots when they make the wrong projections based on incorrect data. And I know that I'm one of many, among a relatively small sample size.
Like all telephone polls and Internet polls, exit polls are self-selecting. The only people that participate are those that WANT to do so. That effectively invalidates the results of the poll: if it is anywhere close to the actual vote, it's by accident.
Exit polls have one purpose: to keep you interested and glued to the television set on election night before the results are official, so the mainstream media can earn revenue for the advertisements they show you while you are waiting.
Don't confuse entertainment with facts.
I just don't get it. In Australia, we hear stories about vote tampering and security issues regularly coming from the USA, but for us its just a complete non-issue. We do all our voting on paper, and they're hand counted. I don't recall having ever heard about some scandal of suspected vote tampering here, we just have a natural expectation of a fair result. Is that simply because we're ignorant? Maybe. But I'll bet it's because our system has been tested by time, and everything is double or triple checked every step of the way. We don't need punch cards, lever machines or computers, and the instructions are so simple that virtually everyone has the opportunity to cast a valid vote.
So now, most Americans reading this are probably thinking "That'd take weeks to get a result"... well, we usually have a clear result by the evening of election day.
Sure it might cost a bit, but how much has all this nonsense cost the USA? Elections aren't something where corners should be cut for cost savings, they're the foundation of our democracy.
That's what they mean when the pundents screech "paper trail!". The "paper trail" isn't for the voter to take home but to verify before depositing it in a ballot box. The problem is the voting machines that are produced by and large don't print anything. The votes are recorded inside and transfered to a larger repository for counting. If the count is off, there is no way to recount other than the faulty data in the machine already.
When you consider the ease of simply printing a receipt like slip of paper one has to wonder why they refuse to make them all do it. There is more accountability when you go to the supermarket than when you go vote.
B.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
I'm from Australia; we do. In fact, I'm one of the polling officials who does the counting. However, with our recent elections, there have been heaps of candidates and the ballot papers have been huge (like say 2xA3 sheets joined together). There are also a tonne of informal ballots, both deliberate ones, and ones where people just haven't understood the voting procedure, and have failed to make their preference clear. Computer voting could reduce this. Because the generated ticket wouldn't have to have all the options, just the candidate(s) that were voted for, that would shrink the currently-cumbersome ballot paper considerably. Because the computer screen could offer online help, and would not accept informal votes, that problem would be reduced too. A computer system is pretty flexible as well, and you could offer multiple interfaces (text-to-speech, for example) for those with disabilities, and present ballot papers and instructions in multiple languages. There are a lot of reasons to use a good computer system for voting, with the emphasis on the "good".
Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
This is a congressional hearing of Clinton Curtis in which he explains how easy it is to write software to rig elections, and in fact has been asked to do so by member of the House Tom Feeney (R). Curtis testifies under oath. Feeney says afterwards he does not 'remember' meeting Curtis.
The media has not been reporting on this; though this apparently happened in December 2004 today is actually the first time I saw this hearing by just browsing through youtube.
And when you gaze long enough into the code, the code will also gaze into you.