Slashdot Mirror
Opening Diebold Source, the Hard Way
Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article:
"Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.
Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.
The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?
Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.
The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?
I think the closed source parking garage was a perfect example why the government shouldn't let a private company control government assets or processes.
Couldnt Resist a reply
With all the vulnerabilities in voting machines, it amazes me that the states do not mandate paper trails. Someone wouldn't even need access to the source code to start changing votes. For example, in this report from ABC News on October 1st, they discuss a method to almost invisibly manipulate both votes recorded and logs, all with only a couple minutes access to a voting machine.
Here's an excerpt:
In a paper last month, "Security Analysis of the Diebold AccuVote-TS Voting Machine," (available at http://itpolicy.princeton.edu/voting/) Princeton computer professor Edward W. Felten and two graduate students Ariel J. Feldman and J. Alex Halderman discussed a common Diebold machine. They showed that anyone who gets access to the machine and its memory card for literally a minute or two could easily install the group's invisible vote-stealing software on the machine. (Poll workers and others have unsupervised access for much longer periods.) Changing all logs, counters, and associated records to reflect the bogus vote count that it generates, the software installed by the infected memory card (similar to a floppy disk) would be undetectable. In fact, the software would delete itself at the end of Election Day.
Crack - Free with every butt and set of boobs
Hopefully more people including journalists will receive that, have experts look at it and expose the scam.
Sounds unlikely though, since this is all illegal.
I don't know. I mean, I'm not sure of the details of the current system, but is the software available before the election?
If not, it is more secure in a way, since malicious users can't test exploits on it before the election, and then they have limited timeframe to do that during the election. If it's open source, and up for review, someone could find the exploit and not tell anyone, right?
This is just my initial reaction to the idea, so I might be way off. Any thoughts?
Ben Hocking
Need a professional organizer?
That could change if they move Slashdot to Diebold boxes!
One would think that the state would require the sourcecode for due diligence...
Hey! I made the first post and then it just disappeared! Damn new /. Diebold servers! (shakes fist)
#1. Flaws in the code that could be exploited by anyone who knew them. The classic "security via obscurity". This is just plain stupid.
#2. Trade Secrets would be revealed. So Diebold has some ingenious work in the system that it does not want revealed.
#3. Stolen code would be revealed. So Diebold illegally incorporated code from someone else in their product and doesn't want anyone to see it.
#4. Legal code re-use. So Diebold uses the same code on their ATM's as their voting machines and they worry that anyone with access to the voting code could POSSIBLY find a flaw in the ATM systems.
Anyone have any other possibilities?
if Diebold has done nothing wrong then they should have nothing to hide, that includes sourcecode, open the sourcecode and allow peer review by experts like those that build BSD & the Linux kernel
Politics is Treachery, Religion is Brainwashing
Apart from a layer of security, just how complex does the software have to be?
(Clear all variables)
Enter selections
Hit accept/enter
Accumulate values for all selections
Clear screen
(Repeat)
Export at end of election
Why the hell does something of this level of incomplexity even need to be closed source?
The second one. But nobody here ever does anything about it besides vote third party and whine. Guess how much that helps?
ResidntGeek
So how is this any different from a traditional low tech ballot box? If you allow someone unrestricted and unsupervized access to a box full of ballots its security breaks pretty fast too. While it may be possible that computerized voting could have made elections more secure than they were previously, the idea that we have taken a step backwards in terms of security seems like a stretch to me.
How long before we can download it on Bittorrent?
Besides taking the effort to install invisible vote-stealing software, one can just open the MS Access database and edit the values: http://www.scoop.co.nz/stories/HL0307/S00065.htm#v otes
Of course, the copy now in possession of the legislator/FBI is the only copy, right? So, if the FBI can just keep this *one* copy off the streets, then everything will be fine, right? Putting it on a web/FTP server is not possible, right?
Excuse me, but please get off my Pennisetum Clandestinum, eh!
If this is an insider, then I have to guess that it is somebody who is concerned about some piece of the code. Otherwise, I would guess that it is a cracker who was able to break through the famous Windows security at diebold and grab the source.
I prefer the "u" in honour as it seems to be missing these days.
that says that all vote tallying on these machines MUST BE DONE bY HARDWARE and not secretive software that frankly has more security flaws than an IE browser on 0day. I'll never vote on a diebold machine. Demand paper ballots.
When code is hacked or stolen, it usually winds up posted on the net.
This was sent to a former legislator. Maybe from an insider trying to show evidence of election fraud???
Yes I do live in my parents basement, and I AM wearing a foil hat. But that doesn't mean I'm wrong.
The difference is that the Princeton team wrote a vote-switching virus which would spread itself through the smart cards used to tabulate votes. Thus, one infection could -- in time -- spread to any arbitrary number of machines without the knowledge of poll workers (or voters).
That outcome is obviously not possible with manual election rigging.
I saw on Lou Dobbs yesterday a piece that showed election officials rushing out to hire grad students to help out with the coming election. The reasoning was that widespread failures (mechanical, networking, software, etc.) were expected and election officials and staffers unanimously considered themselves as both unprepared and unable to deal with anticipated problems. A quick search for election jobs seems to validate the story.
Or maybe they're worried that the code contains evidence of tampering with election results? Otherwise it's just code. Just because it's public doesn't mean Diebold loses their copyright.
But if that code contains evidence of treason...which is what tampering with election results would be...then anyone involved deserves to be stood up against the nearest wall and shot. Then leave the bodies as a permanent reminder to anyone else thinking about ballot stuffing.
The real question is if the results were rigged, what's that do to the Bush presidency? It would seem to invalidate the '04 election. That means anything he's done while in office should be voided and Kerry should be allowed to serve out the rest of his term. It gets really interesting to consider that the deciding vote on the Supreme Court would be one of those invalidated actions.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Proprietary or not, software used in something so critical as our democratic process *should* be under the scrutiny of some sort of bipartisan government software auditing group. Whether or not its completely open, doesn't matter. The fact that democrats haven't attacked this issue further convinces me of their incompetence.
Similes are like metaphors
How do you "illegally uncertify" something?
What about the integrity of the elections?
Isn't this kind of stuff the kind of thing that a typical American would not be surprised if it were reported as having happened in the so called 3rd world countries?
What troubles me also is the fact that after all this, our government goes on preaching democracy. I am disappointed! Period
There is actual video of some analyst who was hired
by some political party to "fudge" the programming of
the voting booth wish i had the link with me..
anyone else rember hearing about this?
Actually hardware would be even worse as the flaws would be unfixable and nearly impossible to trace. (Hardware reverse engineering on a microchop leve? lol)
What he's really saying is, "please, please, please believe that I didn't screw up as badly as it appears I screwed up. Just pretend that the machines are secure, and that democracy as we know it is not in danger."
You want the truthiness? You can't handle the truthiness!
Voting is public. How can a company legally be allowed *not* to disclose the mechanics of a system built to be used in public elections. What .. we should just assume we can trust the democratic system in the hands of big business? Every programmer? Every engineer? They might as well just hire a bunch of staff that go house to house promise to vote for us.
There are lots of things that you should be able to keep secret, but not how my voting system works. We might as well do away with it altogether.
Quack, quack.
Where is the torrent?
When a non-geek hears about open source, whether it's a layman or member of a spy agency, they shrink away, basically thinking that open ROM (hardware, software) is open RAM (data transfer), if they could phrase it as such.
Well, those people might not vote in the election either because "It's pointless. Those kids are going to go straight off of my lawn and onto that election-hacking machine of theirs" or "My vote won't count", the latter of which is age-old.
So I agree with the concept making voting open source. In my subjective slippery-slope universe, this will cause news-ussavvy "I voted Democrat since 1948" non-nerds not to vote and have the generally better informed of us vote. (Sounds elitist, I suppose.) Top hackers across the country could review the code for vulnerabilities, instead of us downloading "Diebold Security Patches" every 2 minutes under the current system. I realize that the US government will almost never accept this, but in my opinion it's good anyway, and maybe as secure as a completely hidden source code.
Of course, Diebold would lose profit. But that's a sacrifice they'll have to make for the red, white and blue, for the eagle soaring above, soaring... majestically! and the Americanness (Britishness) of apple pie (cobbler) all those other American cliches.
The paper ballots could be used as forensic evidence, for once. It's a LOT harder to prove who tampered with a diebold machine, since so many people have access to it(the voters touch it, for once, so not all fingerprints would be usable... Paper ballots are also divided into smaller groups(a diebold machine would replace several "ballot boxes") compounding the problem, because of the cost of the diebold machine.
I am however, not working for anyone in the US electoral system, so my information could be incorrect.
Ballot box are never left unsupervized. That's the difference.
TEXT TO SPEECH code is needed for blind people.
What's keeping America from having votes from the web as a option? Given countless examples of web pages that use a huge variety of methods to reasonable ensure one person one vote-is is possible somone or something has an agenda? Who or what do we trust more- a person with any number of reasonable resons to skew a vote or a mechanical process in wich a vote is automatically secured and sent to the proper location?
Why are they-election officials-allowing someone to use Acess wich is poorly equiped to handle the kinds of security issues needed to ensure a reasonable safe system? Who stands to gain? and Why? Why are they even considering a closed source system, they must be aware of the number of questions that'd come up.
Generally that might be true, but in this particular situation I'm not sure your bumper sticker applies.
To take this to the extreme, let's say you're only going to be able to use the software in question for thirty seconds. Which of these solutions is going to be more secure?
For the first option you have months to find all the exploits you can, and thirty seconds to exploit them. For the second option, you have thirty seconds to find and use the exploits.
It seems to me the second would be more secure.
FUCK A PAPER TRAIL. We need PAPER ELECTIONS. Just that simple. Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no. What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections. The notion of there being anything worth debating here is nothing but complete bullshit.
Here in the Netherlands there is a group under the name of (translated) "we do not trust voting computer" (http://www.wijvertrouwenstemcomputersniet.nl/ in Dutch) who is actively discussing the accuracy and validity of voting computers. They posted on YouTube (http://www.youtube.com/watch?v=B05wPomCjEY) a movie about how to scan the machines about what they registered as a vote. I think that software ruling democracy should be open source just as the entire democracy should be transparant.
r /es3b-en.pdf.
They even posted a security analysis (in English) of the voting computer used in the netherlands http://www.wijvertrouwenstemcomputersniet.nl/othe
On everyone's part. I know that electronic voting is the way of the future, but a closed source, no-bid electronic voting system going to a large political contributor is just asking for trouble.
I hope some states get the balls to review the code or implement their own system.
My Sysadmin Blog
Until a large, dispersed group of people break into a large number of these machines and rig the elections so that "Homer J Simpson" is the presedential victor in multiple states, we aren't going to see the government persue a real alternative to these proprietary magic voting machines.
I wonder how many people will say "Woo hoo!" and how many will say "D'oh".
Going off-topic: What ever happened with that? Did the people get their cars back? Is the garage back in operation?
It's very hard to beat and scales effortlessly. We've been doing it in Canada for a long time. Usually takes 4 - 5 hours after the last poll closes. Why do it the hard and screwed up way?
... Standards and Practices !
PenGun
Do What Now ???
That was dumb. I mean I know he's a former legislator, but still if the suspicion is that the Diebold software is allowing vote switching, why send it to someone who has a history of being involved in government and depending on votes for his job? For all the sender knew his party is the one taking advantage of the flaws and they could have just distroyed the package!
It should have been sent to several people, including the EFF and some open source gurus. People who, you know, might able to actually read the code and give a flip if there's an issue with it. Really, if the FBI has the only copy now they might as well have sent it direct to the White House. [rolleyes]
What I'm more concerned about with the nature of Diebold's source code is whether or not their programmers even understand it. I mean, more often than not, companies layoff programmers, or shuffle them off to other projects. And I have grave doubts the original programmers of the voter machine software left behind significant documentation. So, if stronger encryption was needed to keep the possibility of hacking to change the vote count, I bet it would not be easy in a closed source model, where documentation sometimes is frowned upon.
I'm also very concerned that Diebold, being fairly close to home with Dick Cheney being a former company man for them, was just a pick'n'choose based on what Mr. Cheney felt were his friends, rather than on what is best for the nation. Technology can be useful in securing some things, but I think voter machines is not one of them. What if the machine goes down? What if the machine is 'poisoned' (as in the vote count was tampered with by individuals masking themselves as different people that they are not)? And so on. Does high technology warrant its use in a domain, where it adds no value and no security?
I really think this is just proof that technology can only go so far, and all the buzz over electronic voting and what not is just fluff, to be honest.
-- Bridget
Diebold says the code is proprietary and does not allow public scrutiny of it.
Where did the government drop the ball on this one? IANAL, but it seems to me that the moment something enters into the arena of figuring our elections, it ought, by the very nature of things, enter into public scrutiny. Are we suppose to just bend over and accept anything the see fit to inflict upon us? The contracts in the first place should have been drawn to allow for a public audit of the code.
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
Who are the people, other than DieBold, that support DieBold's secrecy? Who are the people who would like to preserve things as they are rather than fix the problems that the rest of the interested public is concerned about?
I think that when we can publically identify who these people are, we can either have a proper public debate on the topic or we can put the matter to rest by exposing the corruption that has been going on.
That is, if the *Rethuglicans* keep control of the House and Senate, I fully expect Diebold to be given the blame.
/.) votes Democrat!)
(I mean, everyone I know (on
I almost hope this happens, just for the cries, shouts, rending of hair, gnashing of teeth!
Oh the humanity!
668: Neighbour of the Beast
The problem with electronic voting hacks is that a single person can change entire elections, in very little time, without leaving any evidence at all.
With paper ballots, you have to come up with a lot of other ballots if you want to stuff the ballot. That takes time, material, and co-conspirators. If you want to destroy ballots, you have to take them out of the box and get rid of them. You might shred, burn, bury them, or throw them in a river. That takes time, and leaves evidence and possibly witnesses. If you want to destroy enough ballots to change an election, you will probably also need co-conspirators, and will need to avoid witnesses.
So anything you do to change a paper election will take a lot of time, resources, and manpower, where as an electronic theft of an entire election is almost instantaneous, with no witness and no evidence *.
* Aside from exit polling.
Computers are useless. They can only give you answers.
-- Pablo Picasso
#5. On closer inspection Diebold's code turns out to be GPL'd.
Only if removing Maryland's votes would have resulted in his defeat. Remember, Maryland was a blue state.
Bad assumption.
Would your opinion change if it was D operatives caught red handed paying for votes? They were! (Packs of smokes to bums for a vote.) Up against the wall for at least the lady caught in the act.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Turns out the end of the Wired article had it.
Even if the software was open source, the process is still moderated by government officials correct?
That means that they government could throw whatever piece of software they wanted at us, say "Here's the code we use, happy?" and then continue to use whatever they wanted.
It comes down to what you want to know. If there is something malicious going on, I'm sure the government is aware of it, and likely behind it. All we can do is hope that there are still decent people in important positions and that the right choices are being made.
I for one, wouldn't feel more comfortable if the software used was open source.
As a Free American I have the Right to vote. I have used that Right, many times. In using my Right to vote I have an obligation to protect the Right's of all Americans. This obligation is not enforcable other than through my own free will. I choose to take this obligation seriously and given the chance I would publish ANY information about the process of voting that I came across, other than any information that would directly release who voted for whom...though the level of threat, in my opion as a Free person, to the voting process could mitigate this. I would and will, given the chance or by breaking any law I choose (I don't do physical damage to people, so some laws I would not break, but only though choice not because of the law itself) inspect, dismantle, suck the software out of...etc. any voting "machine" that I think cannot be shown, in a very simple fashion, exactly how it records votes. Has any system that uses current semi-conductor and/or software technologies CANNOT, by definition, be shown, in a very simple fashion, exactly how it records votes: It CANNOT be used the the voting process. As an American I DO have the Right to break any law I wish and the People's elected representatives have the Right to enforce any law I break...this does not mean I do NOT have the Right to break the law.
This is simple...if the method by which the voting "machine" records the vote cannot be shown visually and explained verbally in less than two minutes....forget it. Puchcards might allow for mistakes....but you know exactly how it worked. Hanging "chads" should not be solved by using a CPU, it should be solved by re-designing the card and die so the chance of a missed punch is lowered to demostrable level. You can even measure the die and punch to an insane level...certify them with a hard stamp, show the public what the hard stamp looks like, vote and then throw the die and punch into a furnace.....building a new lot with a new stamp for your next voting cycle. Keep it Simple and Stupid. Write your Senator, etc. and for now get a paper, mail in ballot (still does not met the need but have to start with something).
If you come across the source code or any other infomation about any voting "machine"; do the right thing, step up, be Free and set it Free.
I think everyone knows this. Your friendly government officials know this. The unstated is the fact that Diebold spends large sums of money on lobbying. People in government are afraid to rock the boat. This is a byproduct of bureacracy. People will be punished for standing up to do the right thing.
It wouldn't take much to do a manual vote count, but you see, in the end, greed rules. Greed causes harrassment, frivolous lawsuits, bogus investigation by government (the whistle blowers are a menace, you see), etc.
Maryland was a blue state in the '04 elections.
I have to agree--it has been proven that we, as a technologically advanced society, cannot reliably run an election using any sort of machine to count the ballots. I mean, when a machine counts more votes in a precinct than there are registered voters, that should be a big red flag lit up with a bright spotlight saying (no, SCREAMING) "Hey, something is all screwed up here, better take a look!" I wonder how many "irregularities" like this DON'T get caught.
I will still support the use of some form of digital voting machine to print these paper ballots with the voter's choice marked, so that the ballots are marked in a consistent fashion and help prevent spoiled ballots (two candidates marked for the same position for example) but to count them, you need people, and only people.
A rep from each candidate's election campaign to monitor the count and an official counter are what you need. Go ahead and use a spreadsheet to total up the counts if you like, since building a spreadsheet that can add two numbers is still something we can do reliably, but the official count for a precinct is done by hand.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
You, the voter, need to physically move your verified ticket into a box under the watchful eye of the election judge. This MUST NOT be done by machine, unless the machine also does it in an easily visible fashion under the watchful eye of an election judge - which is simply not what's going on.
I early voted on a Diebold voter verified machine - and it's NOT good enough. I even had a nice conversation with the technical election judge, and since it did print a verified trail I did have to go home and think about this before I realized how it sucked.
They totally and complete circumvented the idea of a voter verified paper trail.
The way this machine works is you vote, it prints, you can see-but-not-touch the printout. You can vote AGAIN (up to 3 times) and it voids the previous printouts. Again, without you touching them. Which means the process expects that some percentage of its paper trail will be voided. The printouts get sent into some magic compartment.
So 1) there's no way except by noise for the election monitors to know if it printed a variety of extra votes. And they were pretty quiet.
2) There's absolutely zero way to know if it went back and voided your vote, because there's plenty of precedent for voiding votes.
3) It can absolutely tell via paper alone who voted in which order; it's on a spool. Which could be easily tracked by anyone who watched what order people voted at that machine. Your votes are even less anonymous.
*sigh*
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
The fact that you can inspect the source code doesn't prove (although it helps) that the code does the right thing. Are they inspecting the compiler's code? And the compiler of the compiler's code?
I can just see Bush declaring an emergency on polling day which has the side-effect of banning exit polls... oh so convenient... get rid of those pesky exit polls... then no-one knows how the voting is going except those controlling the magic software...
Utter nonsense. Any "emergency" so dire that someone can't stand on a sidewalk and ask someone else on the sidewalk a question would be an emergency so serious that it would prevent voting in the first place. You're dreaming up mustache-twirling fanstasy villainy just because you don't like someone. It's a little embarassing, really.
Next thing you're going to tell me is that the previous administration had FBI dossiers on political opponents delivered to White House staff for review by campaign workers! Oh, wait, that did happen. If you can "just see Bush" doing something, why not actually explain how that would, in practical terms, work? That would at least show that you're thinking about it, and would more stylishly showcase your tin-foil hat by accenting it with some propertly conspiratorial crazy-flair.
Don't disappoint your bird dog. Go to the range.
I agree with paper elections. I also think that digital machines can have a place in elections. You make your choices on a computer, the computer prints out the ballot. The ballot is plain english and human readable. Nothing computer readable, not even a barcode.
This way you don't have to worry about people not being able to figure out how to punch the ballot, but there is no way a computer can rig an election.
For a (slight) glimpse at the stakes of a game like this, consider the recent Robin Williams film "Man of the Year". The movie was okay, but the truly frightening thing was how likely a scandal like a rigged election, purposefully or otherwise, might take place. However, before I go into some facts I found through surfing about Diebold and electronic voting, I wanted to point out that even if it was demonstrated beyond a shadow of a doubt that Bush was elected through vote fraud of some kind (not that many of us need any further convincing), it doesn't mean Kerry automatically gets to take the White House and Bush is out. What would most likely happen, along with a series of investigations and lawsuits, is the Supreme Court court would invalidate the election results and declare a new election, at a reasonable time period. Dennis Hastert would assume the throne until the new election results were confirmed but nothing Bush has done would be invalidated, at least, not right away. Even if he was fraudulently elected, he was still the de-facto sitting President and so his actions would be legal (in a manner of speaking). Congress could take some action to reverse some of his doings, but that assumes they want to in the first place. Now, on to Diebold. Found via a Google of "Diebold facts": 1. 80% of all votes in America are counted by only two companies: Diebold and ES&S. http://www.onlinejournal.com/evoting/042804Landes/ 042804landes.html http://en.wikipedia.org/wiki/Diebold 2. There is no federal agency with regulatory authority or oversight of the U.S. voting machine industry. http://www.commondreams.org/views02/0916-04.htm http://www.onlinejournal.com/evoting/042804Landes/ 042804landes.html 3. The vice-president of Diebold and the president of ES&S are brothers. http://www.americanfreepress.net/html/private_comp any.html http://www.onlinejournal.com/evoting/042804Landes/ 042804landes.html 4. The chairman and CEO of Diebold is a major Bush campaign organizer and donor who wrote in 2003 that he was "committed to helping Ohio deliver its electoral votes to the president next year." http://www.cbsnews.com/stories/2004/07/28/sunday/m ain632436.shtml http://www.wishtv.com/Global/story.asp?S=1647886 5. Republican Senator Chuck Hagel used to be chairman of ES&S. He became Senator based on votes counted by ES&S machines. http://www.motherjones.com/commentary/columns/2004 /03/03_200.html
http://www.onlinejournal.com/evoting/031004Fitraki s/031004fitrakis.html
6. Republican Senator Chuck Hagel, long-connected with the Bush family, was recently caught lying about his ownership of ES&S by the Senate Ethics Committee.
http://www.blackboxvoting.com/modules.php?name=New s&file=article&sid=26
http://www.hillnews.com/news/012903/hagel.aspx
http://www.onlisareinsradar.com/archives/000896.ph p
7. Senator Chuck Hagel was on a short list of George W. Bush's vice-presidential candid
If anyone proclaims that secret source code provides a measure of security, just run a Spybot S&D scan on his computer, then ask him whether he really thinks that MS has provided the Windows source code to all these scallywags...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Piece of paper, ink pen, padlocked metal box. That's how sane people run elections.
Do you have any recollection of the Florida mess in 2000? The Gore campaign didn't like the results, and demanded recounts in certain districts though to be favorable to their candidate. There was no arguing about most of the poll documents, but because they were literally trying to differentiate between a few hundred votes, it came down to groups of people sitting around a table debating what they imagined a voter's thoughts really were when they left a partial impression next to ONE candidate's name, but then a slightly more dramatic impression next to another, etc.
Pens and paper are too ambiguous when you have campaign workers doing psychic readings after the fact and trying to produce the results they're looking for. Electronic voting mechanisms unambiguously record the voter's actions (or lack of them). A paper trail produced at the same time, reviewed by the voter, is the ideal method.
Don't disappoint your bird dog. Go to the range.
That's a "I don't know what code is or I'm writing for people that don't know" sentence if I ever heard one.
Mind you not that leaking the executables is that much worse or better that source code (.cpp, etc.).
... And change Captain Splendid to Captain Obvious :-)
That would be rather redundant, since exit polls, while they are quite stunningly accurate for elections not involving Bush family members, or conducted in Byelorussia, are known to be very inaccurate for the other kind of election.
-I like my women like I like my tea: green-
It's funny my parent post got a score of 0. I was speaking in reference to a lecture I heard from a lady from Renton, WA, who stepped upon an FTP site with the Diebold software. There was a directory called "Rob-Georgia", I might add. In this was 3+ Gigabytes of files from Diebold. This stuff was uploaded and when she tried to get people to pay attention, no one bothered to (like the moderator who decided not to score the parent post).
To make a long story short, she uploaded the files to an area where technologically savvy people frequent, and said, "Hey guys, take a look at this." The only people that replied were the people willing to take a stand, i.e. the programmers at Princeton.
So, for an "unimportant post", I divulged information that actually happened. You see, after government officials became aware of flaws in the software, they still kept the Diebold machines in their budgets (hundred of millions of dollars in sum, mind you). Huge amounts of money is being spent on machines that have software programmed by douchebags up in Canada. These machines can be telephoned into to be monitored (good ole' Windows RAS). Oh, and the whistle blower lady was harrassed, her house being broken into subsequently and her being monitored by a government agency, which she has had to talk with regularly.
Yep, you trust your election security to software programmed by dumbasses using Microsoft Access as a database. You trust your election security to individuals that are allowed to bring the Diebold machines home with them after elections are conducted. You trust people to count elections who are ex-convicts hired out by contracting firms.
Why? Um, well, because, um, I think they can be trusted? Oh, that sounds sooooo comforting.
Let's ignore the whole issue about suffrage that was fought so hard for.
My only logical conclusion if people can possibly ignore what I just wrote is that they are idiots. I just hope slashdot readers are a set above the curve.
You're right, and that's why nobody has "unrestricted and unsupervized access" to the ballot box once it contains ballots. It is kept locked and in full public view during the election, and the ballots are carefully supervised (by at least two poll workers, usually more) at all times afterwards.
The difference is, with the Diebold-style systems the "ballot box" is also a security hazard when it's empty. If you want an analogy, you'd have to imagine a ballot box that could be programmed before the election to create or destroy ballots during the election.... a device that would not be easy to implement in plastic
I don't care if it's 90,000 hectares. That lake was not my doing.
Sorry, you're wrong about the Florida election being applicable. The whole "hanging chad" mess doesn't happen when you limit the ballots as the GP suggested: Ink pen, paper, locked metal box.
/That's/ how you guarantee both anonymity and clean ballots.
Can't fill in a block without bleeding over? You just trashed your ballot. Watch it get shredded, then re-do your vote.
But if that code contains evidence of treason...which is what tampering with election results would be...then anyone involved deserves to be stood up against the nearest wall and shot. Then leave the bodies as a permanent reminder to anyone else thinking about ballot stuffing.
Cough... This will happen only if the alleged offenders can be acribed to be non-republican.
Is any other kind even possible?
It's official. Most of you are morons.
Sorry, you're wrong about the Florida election being applicable. The whole "hanging chad" mess doesn't happen when you limit the ballots as the GP suggested: Ink pen, paper, locked metal box.
/That's/ how you guarantee both anonymity and clean ballots.
Can't fill in a block without bleeding over? You just trashed your ballot. Watch it get shredded, then re-do your vote.
Except that's exactly why the Florida election is germaine. Though the Florida laws called for a double-voted ballot to be considered invalid, the people doing the recounts ended up arguing, ballot-by-ballot, about which ones were in that condition. "See, there is a mark on this other one, but it looks like it wasn't really meant to be a vote, since this other one is marked better..." It's not so much that Florida is an example of why paper can't work, it's just an example of what happens when, despite clear rules, people willing to drag in the lawyers will still try to interpret semi-ambiguous hand-actions by voters in whatever way suits them.
If it were as simple as "any mark outside the box invalidates your vote," then this wouldn't be an issue. But the losing candidate in a close election is going to challenge each hand-marked ballot in exactly that way. That's what mechanical and electronic voting mechanisms are supposed to completely prevent. As we saw in Florida, mechanical marks on paper don't do the job. I think pen-on-paper would be even worse.
Don't disappoint your bird dog. Go to the range.
I have read and heard much about the conspiracy of electronic vote tampering. Many people claim Diebold and other companies could and would change election outcomes. The fact that it is even remotely possible, for a company to change the outcome of an election, should render the whole electronic voting sector obsolete and illegal. Why it isn't is beyond reason.
If you want someone to take you seriously, you need to provide more than rumors. You need to link to evidence to back up your claims. You say the Diebold source code was put on an FTP server? Where is it? You say the data was over 3GB? What was in it? It is doubtful that Diebold's source exceeds one GB, mush less three. People don't take you seriously because you sound like a troll making stuff up.
If comment has Bush, Cheney or Republican moderate +1 informative per each word. If comment has Democrat, open source, or competitor's names mark -1 offtopic.
Video Game cheats, hints a
Hate to be the one playing the other side of the deck here, but I see this whole concept as FUD.
Not the concept of electronic voting, but the concept that somehow open source is the solution. So much is concentrated on finding and exposing flaws via open source, but there is absolutely no guarantee that the 'corrected' and 'trusted' source would ever be used on any machine.
Nope, sorry but this is another area where another hated technology is a MUCH BETTER solution. Trusted secured hardware, signed sealed software - the technology exists - and maybe WITH the public scrutiny of open source it could provide the best most secure solution.
But then again the republicans would just declare marshal law and require all democrats to stay home.
The roll printer idea, where the people see their votes printed, but don't actually get to touch the printout is fine. This should be done regardless, but i'm going to go a few steps beyond that.
Basically for some of the rest of the design, if your going to make it electronic, first look at all the ways the xbox security system, for instance could have been made much harder to hack. [I wouldn't necessarily limit it with that, but that is actually a decent start.] For simplicity I'll list some ideas, off the top of my head, and then justify them.
1) Soldered in main cpu (The cpu will be important, and as such must not be something that can be easily changed.)
2) Security seals on the case that show signs of tampering.
3) Ideally the GPU will be inside the cpu. [This prevents what is display from being easily tampered with, although the need for this can be argued, but what you see on the screen, is, of course, what you hoep you are voting for.]
4) The system on boot will be able to read from only one source for its OS. The CPU will read the OS and compute a crytographic hash on the entire system. The ROM image (or whatever) will also have a separate field which contains a public key encrypted version of that same hash. The cpu will decrypt that hash with its public key and if the two match, the system will finish booting.
5) Obviously the private key originally used to encrypt that hash must be
stored in a very safe place. [The cpu never needs to know that key, and as such, there is no way that possesion of one of the devices can alloy you to create an arbitrary rom image that check out.]
6) The bottom part of the screen should, at minimum show the cryptographic hash of the software, at all times, so that independent people can verify things.
7) Optional: Take the original hash and use say the last so many bits from it to randomly select from a stack of pictures, or perhaps several pictures. The key part here is to create a visual representation of what the cryptographic hash is, at least in part. You can show this to the voter as a series of icons on the bottom of the screen say to the right of that hash, as an additional check on security. If all of the code that does this is in hardware, this provides an additional check to verify the software has not been modified that people might remember. Of course there are lots of variations of this, including just say making the last 4 digits of the hash bold, or whatever.
8) Keep the code open source. There is no particular reason this is 8, it could as easily be (1). If the cpu is a custom chip, it might require releasing an open source emulator so people can test it. Of course, most likely you are going to use some common cpu core, even if you say put the cpu/gpu on the same chip. Just to reinterate, the key with some of this to be on the same silicon is to prevent tampering. If say the chip that verified the hash was elsewhere, then you might be able to just send a "it passes" signal for everything. Similarly if the code that computes the hash or the encryption is elsewhere, you also have a vulnerability. By having everything security related on the same silicon, you can be reasonably assured that when it checks out the election software that it truly is secure.
9) You can argue with the need to be able to update these fast, and if you agree with that, then you might have to boot from a second source, in order to update the flash, or whatever storage the device uses. All in all though, i don't buy that argument. if you say put it on a flash device that is behind a seal, then you can as easily physically change the flash module. Of course, if you are going to allow a second booting source to reprogram the device, it had better pass its own cryptographic checks to insure it comes from a trusted source.
10) Don't forget the paper trail. While, I've tried to make the previous ideas sound, I likely missed things. This is, after all, a relatively quick post, and I'm only one pe
has always been that obscurity is fragile. Once the 'secret' is out, the security is gone.
this system is blown. It may have been published now, but was really blown over a year ago. i remember hearing of an election in California where on a light turnout, the diebold machines showed results with 125% of registered voters having cast ballots. The system does not allow for recounts or checks.
I believe that both sides had hacked the system to increase thier sides count. Kind of like Chicago, but there were no cemetary addresses. No way to check either.
Everybody knows 3 people with my name.
What would be the point of that? The exit polls have been stunninging wrong for the past two elections anyway. Apparently Republicans just don't take the things, because they're always a several point difference from the actual results.
I read the internet for the articles.
Please, for the good of Humanity, vote Obama.
We also have to get rid of our expectations to know the winner of the election on the day of the election or the next. Sane people are willing to wait a few weeks to get all of the counting done I guess.
I read the internet for the articles.
so far I haven't seen any other mention demanding a paper ballot when voting. IANAL, but for those that are, can this be done? When I go to vote can I demand a paper ballot instead of using the computers available? I have no faith in these machines for other reasons. A few years ago I tried to vote the party line and upon reviewing the votes I was about to cast the machine fucked it up and was placing my votes accross both party lines. I have no idea if my votes counted or not on that day. But back on topic, can I legally demand a paper ballot?
I have a suggestion.
The goal of an electronic voting system is to ease the voting process for voters. The results of which, de facto, become public common knowledge (regardless of geographical scope) within a matter of hours following the vote (if not sooner).
This is my suggestion: Use ONLY publicly-available open-source code for the voting machine software.
This software must be reviewed by groups of seasoned software developers (5+ devs/group, number must be odd to prevent ties in decisions), each group MUST be endorsed by a political candidate, and each political candidate MUST endorce ONE group (to prevent intentional filibuster-style delays caused by opposed views from a political candidate's groups) of developers to review the code.
The code will be publicly available to the masses at all times, the code will be mirrored by servers physically located in each State, each political party must run an equal (or same+1) number of these servers.
The software must also be self-analysing, logging all changes in memory to disk, focusing on user-initiated events and foreign device activity (transferring files or running code from a USB key, for instance).
Results from all voting machines will be communicated using equally open-source protocols, as well as by telephone and/or authorized messengers (physical distance permitting).
----
Seriously, a voting machine should be as simple as "if (vote = 1) i++; elseif (vote = 2) j++".
The only remaining problem, if THAT is done properly, is ensuring the outcome is communicated honestly, both by the sender and the receiver.
how is babby formed?
Indeed. That's a more likely scenario, I fear...
Neoconservatives lose election --> big "ter'rist" attack happens --> Bush is "forced" to declare Martial Law, which "conveniently" prevents him from abdicating the Presidency in the spring.
Do you like it? I made it myself, out of Roswell spaceship debris!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
In my district, where we still have paper ballots, we fill in the oval next to each candidate. Then, instead of putting the ballot directly into a box, we run it through a machine that tells us if we marked two candidates or otherwise invalidated the ballot. If the ballot is okay, it drops into the box. If you marked two candidates, the ballot is rejected and the voter has to fill out a new one.
20 years ago, Shouptronic made a computerized voting machine that keeps an audit trail on paper. The technology is already there.
Shouptronic voting machine
"Electromechanical machines like the Shouptronic bridge the recent past of the lever machine and the future of fully electronic touch-screen voting. The Shouptronic resembles a traditional lever voting machine, right down to its privacy curtain. The candidate slate is printed over a backlit grid of illuminated buttons. A green VOTE button locks in and records the choices. Votes are recorded to a hard-drive memory. Recording features include a memory cartridge, a backup battery, and the means of printing a paper tally. This Shouptronic machine was used in Fairfax County, Virginia, from 1981 to 2002."
I agree. Unlike machines, people have no bias and would never commit fraud. Those computers though, they're constantly working against us for their own motives.
Stupidity is like nuclear power, it can be used for good or evil. And you don't want to get any on you.
Americans should outsource their elections since they seem to be too stupid to organise them by themselves.
>The exit polls have been stunninging wrong for the past two elections anyway
Just playing devil's advocate here... Don't you think it's interesting how this has been true for the past two elections, in which use of electronic voting systems has been increasing?
Is this a news report or a trailer for a motion picture?
wtfbbqhax!
And if you have nothing to hide, then you won't mind the police searching your house without a warrant.
Seriously people, as much as I don't like the diebold obfuscation method, opening the source isn't an option for a company that doesn't want to lose a stranglehold on a market.
Yes, have some kind of code review, the govt should be doing that anyway for a 3rd party product that's being put to such high-profile use, but don't ask a company to give you their work that they've paid people to develop for them.
Why not just make a box for each candidate and make each voter place some kind of anonymous ballot in the box of who they're voting for. And, just to make sure that someone doesn't accidentally mix the ballots together during the counting process the machine could mark off who you voted for on the ballot. Pretty simple, no smudges no "questionable marks"...
Make it really obnoxious too - large colorful print. Ask each person two or three times if they're POSITIVE that's who they want to vote for...
Then at the end of the day all you'd have to do is count up how many ballots in each box. Presto! We have a winner.
And then, if someone comes up after they vote and says "I'm not sure if I did it right, I think I put my vote in the wrong slot." You shoot them in the face, point blank and broadcast it on live television.
One would think that the state would require the sourcecode for due diligence...
My county (Franklin County, Ohio) expressed a "strong preference" for their voting machine vendor to provide the source code to a 3rd party elections systems assessor.
It was not a requirement, but the fact that Diebold wouldn't, but ES&S would was one of the reason why Franklin County chose the ES&S system.
Keep in mind, there was no directive from the Ohio Secretary of State on this issue, nor a law from the General Assembly requiring it. Franklin County probably has the most concerned and intelligent leadership running its board of elections, and in that regard, establishes great precedence for the other 87 counties, but they are certainly not under obligation to follow its lead.
There's a quote from technology mucky muck at Amazon that speaks clearly to this point:
Failure in any large-scale system is the
normal case, not the exception.
- Werner Vogels
If you can't tolerate large scale failure, then you shouldn't rely on it. Voting should use paper. Fewer bugs, propagate less, and they're easier to find and fix. The idea that we would use electronic voting is basically an argument that "it's more efficient." Efficiency is exactly what I don't want in voting. We can pay $300B to goof off in Iraq, I think we can pay to run an election properly with paper.
Dewey Defeats Truman!
878659 - yep its prime.
OK, I'll probably get hit with "offtopic"/"troll" by someone out there, but...
u st_try_voting_here.html
WOW, timely comments. I'm not a regular reader of MotherJones, but I was in Borders and thought I'd read this particular issue. One article is:
"Just Try VOting Here; The 11 Worst Places to Vote (and then some)"
Seems we need even MORE external observers to expose the jokery of the US federal/presidential voting process. Underscores why I think national elections are so rigged and so thoroughly corrupt it's not worth my tim. Unfortunately, that's exactly the result the powerplayers expect.
http://www.motherjones.com/news/feature/2006/09/j
On another topic, for those who might be interested:
Chronicle of a War Foretold
http://www.motherjones.com/bush_war_timeline/
hehe, Slash image word: aspire (makes me think of Cyndi Lauper... "I couldn't aSPIRE to anything HIgher..."
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Forensic evidence indeed. To prove fraud, you simply tally up the paper ballots. If the tally doesn't match the electronic total, fraud occured. So simple.
Also, you can pinpoint exactly where and when and to what advantage the Diebold hack occured. If we had such a system in place in 2004, there would have been hell to pay in Ohio. And it would prevent the upcoming hack in November, as they simply have to pinpoint individual precincts to alter -- no need to hack every machine. The pattern would be obvious if there were a paper trail.
Why else do you think Diebold has fought so hard to prevent paper trails at all costs? It makes no sense, as they would simply make more money with paper trails. Occam's razor: they know that the paper tally would not match their electronic tally, and HELL would break loose. In a rational country, this would be obvious. We aren't rational. The Republican faction in this country has a lot invested in these machines.
Indeed. That's a more likely scenario, I fear...
Elections are conducted at the state level. The President does not have the authority to stop them.
Neoconservatives lose election --> big "ter'rist" attack happens --> Bush is "forced" to declare Martial Law, which "conveniently" prevents him from abdicating the Presidency in the spring.
Have you ever heard of the electoral college? It is not the people who vote for the President, it is the states. They send x-number of delegates to Washington, D.C. to vote for a particular President. All states currently choose the delegates by counting how many people vote for a particular Presidential candidate. Anyway, if nobody gets at least half of the electoral votes (for example because no electoral votes are counted), the U.S. House of Representatives chooses who the next President will be.
Also, the President does not leave his job in the spring. He leaves at the end of his term which is noon on January 20th. If something prevents the next presidential inauguration, the Vice President elect becomes president.
I can just see Bush declaring an emergency on polling day which has the side-effect of banning exit polls... oh so convenient... get rid of those pesky exit polls... then no-one knows how the voting is going except those controlling the magic software...
Exit polls are that reliable, frequently exit polls differ from the actual vote tallies.
FalconShould there be a Law?
How did it become reasonable that democracy can be run by proprietary coding that is not available to the public? It has always been a transparent process based around the concept of secret ballot in a system of verifiable legitimacy. Use of these machines is the wholesale lending of our government participation to corporate interests. It seems clear to me that in a democratic system, transparency is the only means to guarantee legitimacy.Therefore, proprietary code is simply a way to perpetuate discriminatory practices with lack of true oversite. How can government truly consider the interpretation of our votes an option removed from verifiable proof of definitive numbers? There is no proof without full consideration of confounding result factors. Those factors being the legitimate and verifiable individual votes. One person, one vote is fundamental to our democratic process and these machines clearly create enough opportunity for alteration as to require not only paper trails but oversite to the degree that negates any possible gain from the use of such mechanisms. Our votes are not for sale to vendors but Constitutional RIGHTS that preclude any corporate agenda, whether that agenda be current or within possibility.
I mean, when a machine counts more votes in a precinct than there are registered voters, that should be a big red flag lit up with a bright spotlight
In and of itself, that doesn't indicate fraud. In some jurisdictions, you can legally vote even if you're not registered in advance.
So the deal is, concerned citizens now have to come and babysit elections. We train on all the fine points of who can access the machines and are basically there to watch the Diebold personnel to ensure they don't "patch" the machines at the last minute. It's fucking insane. As you can probably tell, I'm highly suspect of America's status as a democracy anymore, but I'm doing my best to help us recover. I'll give it a few more years, but the state of affairs is pathetic. We seem set to turn our elections over to the corporations that are running our country (and, as a consequence, our foreign and domestic policy). If Americans don't start giving a shit, this country is over.
That's old news
Adam Stubblefield, a Johns Hopkins University doctoral student, along with Yosh Kohno from the University of California, San Diego, last year produced a report detailing the security problems with Diebold Election Systems' source code after it was left on an open FTP server and eventually leaked to the Internet.
Here's another one:
FalconGary McGraw, CTO of Cigital Inc., cited the formerly proprietary code that runs Diebold Election Systems' AccuVote-TX electronic voting machines as an example. A voting activist was able to download the source code from a Diebold FTP site, which led to the exposure of a number of security flaws in the software and widespread questions about the accuracy of the machines and the integrity of votes cast with them.
Should there be a Law?
Dont tell anyone - but US democracy is dead. If the Americans are told, they get mad at you.
Diebold is simply the last drop.
In many districits minorities are unable to register to vote, the whole registration requirement is a limitation in itself, there is open, commonplace intimidation of voters, the media clearly picks its candidates and attacks the other side, political advertising has almost no rules, campaign financing is little more than political influence for sale, millions of immigrants live, work, and pay taxes but cant vote, many people dont vote out of laziness or other reasons. And on and on...
The problem I have with paper trails is that what you have then is basically a very expensive ballot printer. There is no technological solution to voting problems. There must be political, social and process solutions first. At which point voting machines may be irrelevent.
putting the 'B' in LGBTQ+
However, if this is not the case, then I believe you said it best: "wtfbbqhax!"
Dewey Defeats Truman!
Nice one. But way, way too subtle to make it through the tin-foil your intended audience is wearing, I'm afraid. Keep up the good work, though.
Don't disappoint your bird dog. Go to the range.
I agree with paper elections. I also think that digital machines can have a place in elections. You make your choices on a computer, the computer prints out the ballot. The ballot is plain english and human readable. Nothing computer readable, not even a barcode.
Actually India has a pretty good e-voting system:
Slate magazine pokes fun at America's continuing electronic voting anxiety by using India as an example of how to do things right:
While we in the United States agonize over touch screens and paper trails, India managed to quietly hold an all-electronic vote. In May, 380 million Indians cast their votes on more than 1 million machines. It was the world's largest experiment in electronic voting to date and, while far from perfect, is widely considered a success. How can an impoverished nation like India, where cows roam the streets of the capital and most people's idea of high-tech is a flush toilet, succeed where we have not?
Apparently India uses an incredibly simple technology that may not be as fancy as the machines here, but does the job well.
The result is a machine that looks like a cross between a computer keyboard and a Casio music synthesizer. In fact, it's not much of a computer at all, more like a souped-up adding machine. A column of buttons runs down one side. Next to each button is the name and symbol of a candidate or party. These are written on slips of paper that can be rearranged. That means unscrupulous politicians couldn't rig the machines at the factory, since they wouldn't know which button would be assigned to which candidate. Also, the software is embedded--or hard-wired--onto a microprocessor that cannot be reprogrammed. If someone tries to pry open the machine, it automatically shuts down. After much testing, India adopted the machines for nationwide use this year.
Why do our machines suck?
American machines, by contrast, may be vulnerable to wholesale fraud. Our machines are far more complicated and expensive--$3,000 versus $200 for an Indian machine. The U.S. voting machines are loaded with Windows operating systems, encryption, touch screens, backup servers, voice-guidance systems, modems, PCMCIA storage cards, etc. They have millions of lines of code; the Indian machines hardly any at all.
FalconShould there be a Law?
What we need is legal access to the actual code (+source, compiler, bootstrap process) running on the machines, not an illegal access to a piece of code someone chose to 'leak'.
And more importantly, we need voter-verified paper trail.
India's e-voting seems to be a pretty good system: Learning from India's Electronic Voting System
FalconShould there be a Law?
I hope you're not inferring that exit polls had anything to do with the mistaken "Dewey Defeats Truman" headline. That screwup had more to do with printing deadlines than anything else.
Time makes more converts than reason
Because, I would presume, he is more worried about corruption than about failure. Computers may be more reliable, but they are also far more corruptible than any human.
You will never find a human that will, after a few minutes of persuasion, reliably betray its principles, never tell anyone, never come back to blackmail you, and even completely forget the whole incident even happened should you care to ask him to, let alone thousands of identical humans who will do so in lockstep without giving the slightest indication that anything is amiss.
If you want a conspiracy that won't fall apart, use computers. If you want to prevent such a conspiracy, keep the computers as far away from the process as you can.
--MarkusQ
RE:[""what is good for the goose is good for the gander,""]
:)
yes, this is what i meant to put in the subjectline, i was primarily focused on the comment i was wanting to post, thanks
Politics is Treachery, Religion is Brainwashing
January, spring -- whatever! You know what I meant.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Unlike machine manufacturing corporations, people have no bias and would never commit fraud.
Oh. Wait.
kartune85 : Incapable of reason, observation or learning. A kind of dim, drab, flightless parrot.
Maybe they should read up on Kerckhoffs' Principle?
Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
Here's a quote from the Freeman and Bleifuss book, Ch. 8, page 199:
The problem with Diebold code isn't with eternal crackers, it's with Diebold itself. Everyone knows what a mess Microsoft's made of OS's with viruses and spyware. But nobody suspects Microsoft of installing keytrackers to steal your passwords to rip off your finances.
Diebold, on the other hand, has said they want to deliver votes to the Republicans. The only thing I fear about the possibility of electronic voting code exploits is from the venders, themselves.
You are exceedingly naive if you think reality is the same thing as the rules. What if I, and a group of like-minded associates, run the polls in your precinct? We can run off any "independent observers" and do what we like with the ballot boxes. We can even pretend to be representatives of the major parties. We were all appointed by the local board of elections, whose members were all hand-selected for their willingness to "go with the program" by the local political boss.
Mea navis aericumbens anguillis abundat
I never claimed that the non-elecronic solution was 100% foolproof... only that the electronic solution suffers from additional vulnerabilities that the current solution does not.
We can run off any "independent observers" and do what we like with the ballot boxes. We can even pretend to be representatives of the major parties. We were all appointed by the local board of elections, whose members were all hand-selected for their willingness to "go with the program" by the local political boss.
Of course. If you are willing and able to break the law with impunity, you can do all of those things and more. But at least people will know that you broke the law ("running off independent observers" is a violation of the law), and with any luck the ensuing publicity will land you in jail (or more likely, the high likelihood of being caught will dissuade you from trying such shennanigans in the first place).
I don't think any voting system could be made to work properly in cases where all of the election workers and the local government are dishonest. So one has to assume that in most cases, at least some of the pollworkers are honest, or give up on democracy altogether. At least with the current system, cheating requires the subversion of the entire group of poll workers. That's better than a system where a single individual could botch the results without anyone else's help and without any creating any evidence of wrongdoing.
I don't care if it's 90,000 hectares. That lake was not my doing.
Let's hope there isn't still an undocumented backdoor account in GEMS.
The Australian Capital Territory has been using this software for their past two elections, and it's released under the GPL, and runs on Linux. I've just looked through a bit of the code, and I would like it to have documentation that describes it at a high level, and I'm sure they could make some improvements. Even so, it's still much better than (cough) other systems!
http://www.elections.act.gov.au/Elecvote.html
Also, you can pinpoint exactly where and when and to what advantage the Diebold hack occured. If we had such a system in place in 2004, there would have been hell to pay in Ohio. And it would prevent the upcoming hack in November, as they simply have to pinpoint individual precincts to alter -- no need to hack every machine. The pattern would be obvious if there were a paper trail.
In Ohio 2004, only 2 out of 88 counties used Diebold machines.
What's more, 68 out of 88 counties used manual punch card machines rather than any kind of electronic voting.
If there was really a "Diebold hack" there, it should be pretty damn easy to pinpoint.
Just use an absentee ballot if you don't trust the machines. They send you paper, you send it back.
Vote rigging is always going to occur no matter what system is in place. It's also easy to "lose" paper ballots. The florida fiasco was a paper based system, remember? Look how many people (on both sides) insisted their votes didn't get counted - even after recounts took place. If I recall, at the time the military was saying that absentee ballots weren't sent on time, so they couldn't vote.
Personally I think the problem is just overall government incompetence and a desire to spend more money on elaborate systems to keep the budget dollars rolling in. Think that will ever change? (Nope).
How much more obvious does it have to be what is going on with elections in America? This Diebold fiasco is so blatantly obvious as to be insulting to my intelligence. It is a first order robbery of our country and by transitive closure, the lives of our brothers and sons in wars for profit created by the criminals who stole our country.
We should not be talking about this. We should be vigilant with a capital V. People need to be lynched.
Businesses spend how many billions of $$$ every year protecting trade secrets? But Diebold isn't like them because...they're in the voting industry? You sir, are not an ardent follower of Occam.
I guess I'm going to spam the thread, see if I can raise awareness on this.
Think about what an unused trace on the PC board hanging off an appropriate bit in the IO section could do. Noise can contain information. So someone accidentally designs the board to emit more radio noise than necessary, and at various precincts where people want to be able to have reprisals against people who vote the wrong way, there are innocuous looking people listening to a radio near the voting stations, where they can see who is at the voting machine at any particular time.
After the election's over and everyone's guard is down, certain people get passed over for promotions, get moved on the fast-track to "voluntary" retirement, get their insurance papers lost in the mail, or, maybe, if the low-profile stuff doesn't work, get targeted by thieves, etc.
immediate gratification is one of the worst enemies of freedom.
you have a new bigot joke every day: you're just that kind of person.
Too easy to watch.
Anytime you have the ballot see electronics close to the place and time where the voter marks and submits it, you make it possible for an engineer to accidentally design the circuit to reveal the ballot content in radio noise, thus enabling surveillance.
The unreadable ballot and the desire to read the unreadable can't be avoided. They are part of the cost of any system that can provide anonymity. We just have to put prominent notices up to remind people to look at their ballots carefully, and spoil the ballot if they are concerned that it won't be read the way they intend.
After all, it's part of the responsibility of the individual voter to see that the ballot reflects the voter's choice.
VMs just provide one more place that has to be examined for strange games: the source, the compiler, the object, and, now with the VM, the interpreter.
All that dependence on cryptography adds complexities to the system that provide new potential points of corruption. Any technology which is not directly visible to and understandable by the voter provides a place to hide shenanigans.
And the issue of surveillance remains -- how do you keep an engineer from failing to seal off radio noise that can be monitored on an AM radio in the next room, where an innocuous looking person can see who is voting when, and then after the election is over people who voted the wrong way lose jobs, get important papers lost in the mail, have their children get extra attention from teachers, and worse?
If we've gotta do it for some reason, we must do it simply.
But the problem is that even at this level, the process is not visible and monitorable by the average voter.
And then there is the problem of a stray trace on the PC board which accidentally produces radio noise, which someone with an AM radio can monitor as he sits in a inconspicuous place watching the vote.
And after the election people who voted the wrong way have unexplained accidents happen to them.
My Suggestion: On election day, bring a tire iron to the polls. Also bring a box that people can put paper ballots into. When you reach the polls, take the tire iron and beat the shit out of the diebold machines. Destroy them. Drop the box on the floor, write in your vote and drop it in the box. Then leave and run like hell.
If we all did this, we would send a real message. And it would even be patriotic.
In Sweden we use paper ballots. It works just fine, the results are ready the next day. If lots of people use "pre-voting" at the post office the days just before the official voting day their votes get a few days delayed, that's all. No need to wait a week, just put in enough people to do the counting.
That's why democratic societies allow not only everyone (except foreigners, felons, slaves, wives, children, blacks, traders, non residents, communists, non believers, ) to vote, but also everyone to watch the counting.
Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no.
Run the election (N.B. the election is a lot more than just the voting mechanism) the right way and you'd need an implausably large conspiracy to sucessfully rig the vote.
What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections.
Together with having people as independent as possible from any of the candidates running the election and the count taking place in a way where any interested party can watch.
I will still support the use of some form of digital voting machine to print these paper ballots with the voter's choice marked, so that the ballots are marked in a consistent fashion and help prevent spoiled ballots (two candidates marked for the same position for example)
If you were to have multiple elections on the same physical ballot paper it's perfectly possible that that a voter might wish to abstain from voting in one or more of these. In this case a some boneheaded software may force someone to change their vote. Even "none of the above" is not the same as abstaining.
"So how is this any different from a traditional low tech ballot box?"
Low tech is a wax seal and independent observers, nobody has yet come up with a "paper virus" that can switch the vote after you have made it.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
And the advantage of simple and stupid systems where people mark pieces of paper and other people count them is that because these systems are so labor intensive you need to corrupt a much larger group of people to throw an election.
In many real such systems you also have people watching those doing the counting. Which again increases the size of conspiracy you'd need.
We also have to get rid of our expectations to know the winner of the election on the day of the election or the next. Sane people are willing to wait a few weeks to get all of the counting done I guess.
There are plenty of examples of human counted paper ballot systems which do give a result within 24 hours.
Except for one problem - many states are demanding that Diebold add a paper tally to their machines, but are not willing to change the original contract.
For example, lets say you contract with an entity to offer a set number of widgets, and during delivery the entity demands that you provide more than the contract states without renegotiation of the contract. Would you provide it free of charge?
Neither will Diebold. Don't believe the conspiracy theorists. If Maryland and other states want a paper tally, all they have to do is pay for it. (Which is another matter all together as it was the "Help America Vote Act" passed after the 2000 elections that paid for the machines to begin with - now to "fix" them, Maryland and other states have to find funding elsewhere.)
I haven't lost my mind!
It is backed up on disk...somewhere...
Do you have any recollection of the Florida mess in 2000? The Gore campaign didn't like the results, and demanded recounts in certain districts though to be favorable to their candidate. There was no arguing about most of the poll documents, but because they were literally trying to differentiate between a few hundred votes, it came down to groups of people sitting around a table debating what they imagined a voter's thoughts really were when they left a partial impression next to ONE candidate's name, but then a slightly more dramatic impression next to another, etc.
Florida in 2000 didn't use paper (or even card) ballot paper. Instead they used a hack involving machine readable punched cards. Proper Ballot papers are nativly human readable, they may additionally be possible to tabulate by OMR. Check out a Canadian or British ballot paper and you will see that they have nothing in common with punched cards.
Sorry, you're wrong about the Florida election being applicable. The whole "hanging chad" mess doesn't happen when you limit the ballots as the GP suggested: Ink pen, paper, locked metal box. /That's/ how you guarantee both anonymity and clean ballots.
Can't fill in a block without bleeding over? You just trashed your ballot. Watch it get shredded, then re-do your vote.
Also use a pencil or a pen where the ink does not soak into the paper and a design of ballot paper which has clear separation between different boxes.
char candidate[] = "Bush";
int bush.count = 10000;
int other.candidate = -9999999999;
char vote[] = "";
cin >> vote;
if (strcmp(vote, candidate == 0)
{
delete.vote();
}
else
bush.count = bush.count + 10;
}
davecb5620@gmail.com
"It's true that with open source, someone could potentially find a flaw, not tell anybody about it, and then exploit that flaw to manipulate an election.", N3Roaster
"Thompson said, he typed five lines of computer code -- and switched 5,000 votes from one candidate to another."
"Electronic voting machines in Florida may have awarded George W. Bush up to 260,000 more votes than he should have received"
"Bill Lockyer, California's attorney general, said Diebold officials misled state leaders about the security and certification of its products to get payments from the state"
was Re:Open source & Availability
davecb5620@gmail.com
"You are exceedingly naive if you think reality is the same thing as the rules. What if I, and a group of like-minded associates, run the polls in your precinct?"
/rant
Exactly how Saddam got 99% of the vote, however pulling off a military coup is a tad more complicated than giving a single "hacker" 2-3 minutes access to a single machine. If this really is sytematic fraud then they will only cheat where they have to, I mean why be so obvious as Saddam's 99% when you only need to beat the other guy by a few percent.
It no longer matters if you fly a liberal or conservative flag in government, flying the corporate flag and keeping the unwashed occupied with wedge issues is what gets one "elected" in the US or any other country that "matters" in the corporate scheme of things.
I know of no perfect system for imperfect beings, unrestrained capitalisim gave a helping hand to Hitler in return for a glorification of cheap labour. It is estimated that ultimately half the population spent some time in concentration camps. Rabbid capitialism should not now be allowed to overtake the planet by stealth, I say if "freedom" and "democracy" are trully important principles then do as "I'm a dinner jacket" suggests, democratise the UNSC.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
If you want someone to take you seriously, you need to provide more than rumors.
You don't need the source code to realise the machines and the procedures surrounding them are open to undetectable fraud and who can say if a copy of "secret code" is kosha anyway? Even if we assume fraud is happening, evidence like that should be saved for an indictment, but at the moment there is no court case where someone has to prove fraud. However that is all just a distraction, doubters should not have to prove fraud, they should only need to show it's possible.
In other words: You need proof to indict someone, you don't need it to judge the usefullness of these machines. A simple application of logic shows the design of "paperless elections" is at best hopelessly vunerable to cheating, and at worst a bloodless coup.
My there are alot of AC's in this thread, or is that just a few very devoted AC's?
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
If the person with the source code wants to make Diebold make it open source, all they need to do is post it to the Internet and it's no longer proprietary. This is what happened with the RC4 source code in 1994.
...a sane election count relies on rabbidly biased people counting the votes in such a way as to maximize fairness. Most parents use the same technique on their kids to teach sharing, ie: one kid divides the cake, the other chooses first.
Unbiased people are not reliable enough for vote counting, they literally don't care about the "games" outcome so they are less inclined to question the prceedings and more inclined to systematic corruption via bribes, nepotisim, ect.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Everyone seems to be missing the point that if our elected reps are getting the code now, the bad guys have probably had it for much longer.
That's right. Even in Florida, which was widely and correctly vilified for the electronic voting problems in 2000, had one county that got it right.
Union County used pieces of paper deposited in boxes; after the polls closed, people at each precinct took out the papers, sorted them into stacks, and announced the numbers of ballots in each stack. They had to reshuffle and recount for each election on the ballot (e.g. count for county commissioner, count for school board, count for president, &c.).
They were done counting and home by midnight. No one doubted the correctness of their count. I understand that they have since switched to modern electronic voting systems.
Tilt at windmills. Occasionally one will fall over out of sheer surprise.
Ben Hocking
Need a professional organizer?
Read this and then tell me if you still believe that machine voting would be much less corruptible than paper ballots. Remember to include in your re-thinking that it may be easier to fake one paper ballot but it is surely harder to fake them in bulk.
--MarkusQ
If so, how would a "paper trail" reveal any trade secrets - unless the secret was that the machine was cheating, of course?
Ben Hocking
Need a professional organizer?
Ben Hocking
Need a professional organizer?
Yes, that hanging chat was poorly designed paper ballots. The best paper ballot I've seen is the big 1 inch boxes where you put a big blank X over the persons name. You cant mess that up. The ones with lines are messy IMHO.
IIRC, Union county has ~14000 residents. That is a big reason paper ballots worked for them. With barely enough people to fill a single town, you don't run into any of the issues of scale that plague the larger jurisdictions in the country.
I read the internet for the articles.
I would argue that if you had a contract and the other party gave you defective widgets and completely knew about it, they are obligated to -- at the very least -- replace them or refund the money.
but for those that don't get it (like those mentioned in the article, apparently) any security that cannot withstand public scrutiny is highly likely to contain serious security holes.
Security auditing is expensive. For big systems that are "mission critical" such as voting, it's very expensive. You can either pay the piper and get your code audited by professionals, and after it's cleaned up you can release it to the public for scrutiny, or you can go cheap and not pay to have it looked at. A person that refuses to have their code audited is quite justifiable in being afraid of anyone studying their code, because they know there are going to be some holes in it and are fearful of the day they will be exposed. Unfortunately most of this subset dilute themselves into believing that this will never happen, or at the very least they will have made a proper clean getaway before it happens.
Sometimes they are right, but most often they are not. The only reason they have for this behavior is to save money. It must be saving them a great deal of cash if they are fighting it so hard.
In either case, we lose. I personally would lean toward voting for any candidate that vowed to push legislation that required all voting code to be publicly audited before it can be used for voting.
I work for the Department of Redundancy Department.
...is that if Diebold can make secure ATMs, why can't they make secure voting machines? Especially given their resources and experience. Sounds fishy to me.
We can pay $300B to goof off in Iraq, I think we can pay to run an election properly with paper.
That would make a great signature line.
--
If we can pay $300 billion to goof off in Iraq, then we can pay to run an election properly with paper. -- Unequivocal
They shouldn't be like them, exactly because they are in the voting industry. Nothing should be secret about the voting process. if Diebold or any other company have a problem with that then they should stick to bank machines.
We hope your rules and wisdom choke you / Now we are one in everlasting peace
Re:sample source code ..
davecb5620@gmail.com
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
Thanks for that link.
I'd counter by pointing out that:
--MarkusQ
This is why the vote count is observed by, as a minimum, a representative from each candidate's election campaign. If a ballot is clearly marked for candidate A but is tallied as a vote for candidate B, that is easy to detect and such tomfoolery can be resolved by a fresh count of the physical ballots by different people.
Try auditing a purely digital, abstract vote count where there is no physical ballot to examine. How can you trust a machine count that has a total vote count in excess of the registered voter roll? How do you audit this? Ask the computer for the total a second time?
Is paper balloting the be-all and end-all of voter fraud and skewed elections? No. But as has been stated before, to effectively skew and election it would require many, many more people to fudge vote counts since there are so many counts going on at once, all being observed by the interested parties. This is in contrast to an electronically skewed election, where the voting machines are skewing many, many votes, undetected and possibly in some unauditable manner.
I'll vote this November with a paper ballot, thankyouverymuch. Granted it's a paper ballot counted by an optical reader, but at least there is a paper record of my vote in the event of a recount.
Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
Sorry, lost my password and mail service is braaaking. /. team implemanet OpenID.net client ? :-)</i>
Why don't
That is not open source.
Or would any of you, guys and girls, compile and reinstall the sources before You do Your voting ?
Diebold is interestedg in governments purchasing their machines.
Governments are interested in nice voting results, won't extra 2 or 3 % be hard to spot ?
So, ok, lets Diebold shows <b>some</b> sources, how can You tell that block box in front of You has the software compiled form <b>that very</b> sources without single change ???
Making sure your vote is registered correctly is an improvement, but it does not address the puppet master you describe. In order to do that, you also have to change the voting system, perhaps to Condorcet. (Good luck with that.)
Ben Hocking
Need a professional organizer?
If you can volunteer to be non-anonymous, then you can also be "volunteered".
Ben Hocking
Need a professional organizer?
Not on the Diebold machines that do not have a paper trail.
As Diebold makes ATMs with printers they can easily makes voting machines with them as well.
FalconShould there be a Law?
"Why do you want to make sure that only the most fallible machine in the world can read the ballots?"
Because if you have a machine processing the ballots then you have simply moved the problem from one computer to another. Instead of a hack on the voting machines you now have to worry about a hack that impacts the tally machines.