An Open Letter To Diebold

jcatcw writes "Computerworld's Rob Mitchell tells Diebold President and CEO Thomas Swidarski how to regain Diebold's reputation instead of throwing in the e-voting towel. He recommends full disclosure of all existing problems, a process for disclosure of future problems, hiring of some real professionals as CTO and as an advisory group, and public testing. 'Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence.'"

Secure ATMS? Ha!

[MilesNaismith]

What makes you think Diebold ATM units are secure? I had a friend who worked in bank software. He said if you knew half of went what on, you'd keep your money buried in jars.

Re:Secure ATMS? Ha!

[arun_s]

The open letter sounds too idealistic, I can't imagine Diebold doing even half the things there. Looks like their line of thought is pretty clear from the second link:

Siwdarski is already trying to distance the Diebold name from its voting machine business to protect its brand.... the company recently ordered the name "Diebold" removed from the front of the voting equipment. Why? A spokesman would only say, "It was a strategic decision on the part of the corporation."

There's a fat line between what ought to happen and what actually does.

Re:Secure ATMS? Ha!

[commodoresloat]

Oh yeah? Well, I have a friend who posts on slashdot. He said that if you knew half of what went on, you'd keep making claims without any evidence at all!

secure ATM ??

[Dalec21]

ok .. maybe I am way off here .. was Diebold not the one that had all the videos posted of people cracking their ATM ?? [insert sig here]

VVPTs!

They left out what may be IMO the single biggest factor if you're going to have a DRE voting machine: a paper trail!

I don't care if it's open source, audited, proved correct, or whatever, I would probably feel more comfortable with a machine from today plus a printer.

I'm not really holding my breath on this...

[SeaFox]

He recommends full disclosure of all existing problems, a process for disclosure of future problems, hiring of some real professionals as CTO and as an advisory group, and public testing.

My recommendations:

• Make the code simple and open-source.
  
• No last minute "patches" being applied by Diebold personnel on election day with no explanation why or review of the code beforehand. The machines should be frozen for most purposes when they're shipped and completely at least 72 hrs before election day.
  
• Do a "dry run" of the election equipment to make sure everything is working properly before election day! I keep hearing about what sound like fairly simple problems cropping up at the polls that make you wonder if they do any testing at all on these systems before releasing them.

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence.""

When did they make a secure ATM?

The customer drives security.

[Paleolibertarian]

ATM's are bought by banks. As much a $250,000 can go through one ATM in a weekend. (Maybe more) The banks demand security. Voting machines are purchased by bureaucrats who probably use "password" for their office PC password.

I know the answer to this...

[quickpick]

Mr. Mitchell: Thank you for your concerns. STFU. I am Swidarski and all your votes belong to us.

But, wait a minute!

Someone clue this guy in. The Democrats won this time.

That means there's no problems with Diebold.

i have to ask

[blackcoot]

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence." — has diebold actually made secure ATMs?

But their voting machines ARE secure

But their voting machines ARE secure... the Democrats won!

Easter Egg

[Konster]

To gain access to root on these machines, enter this code.

Left left left, right, A, A, C, Right, Left.

secure enough

[Russ+Nelson]

Diebold ATMs aren't "secure"; they are merely secure enough that no further investment should be made in them because the losses are cheaper to accept than the cost of the increased security.

The ugly truth of voting is "lots of votes get flushed". The reason we trust our system of voting now is because we have partisan poll watchers who are making sure that the other party doesn't take liberties. In other words, little old ladies. No, all respect due to little old ladies, but do you think they feel confident being in charge of any kind of new technology? If they're wise, they won't be.

threads are dead (?)

[arun_s]

Can somebody puhlease fix the site (or atleast have a notification on the front page if something's being fixed)?
Why's poor /. gone so buggy all of a sudden?
Detailed information is provided by these gentlemen.

ATM Security

[kg4czo]

The Fed regulates the security involved with ATM's. Every last detail is laid out, down to the 3DES encryption. Nothing regulates voting machines, and no sign of QA. Diebold didn't care, nor did the beurocrats that signed the damn order to unleash these pieces of shit on our population. Let's hope someone gets sued outta the shitstorm, and things change..... But I'm not holding my breath.

Obligatory

[gsfprez]

I, for one, welcome our Diebold-provided Republican overlo.... what?

oh. shit.

does that mean we like Diebold now?

at least, there's going to be lawyers crawling all over the place making sure no one got disen... wait? They aren't?

holy shit.. i'm so confused. Fsck politics.

How about starting off with

[gamer4Life]

banning all employees from being affiliated with any political party?

Why electronic?

[paulthomas]

Maybe paper offers a greater degree of transparency than electronic bits. We shouldn't hope for more secure electronic voting machines, but rather a public realization that sometimes "if it ain't broke, don't fix it."

Sure, cryptography, open-source, signed binaries, etc. begin to offer the transparency we need in voting, but at the moment, the expense greatly outweighs any conceivable benefits (what, no need to argue about chads?).

Paper voting works. Distributed counting means less impact from an individual case of polling-place fraud, and the paper record can be stored for a public recount where many eyes can verify the results.

Shouldn't be secret

[Cracked+Pottery]

The design and source code of the machines should be public information. All of them. There should not be any IR or wireless connectivity. That includes the tabulators. Touch screen voting is slow, dumb and expensive. Complicated elections eat up time. Optically scanned ballots only need a few additional tables to accommodate a heavy turnout. Machine time per ballot is minimal, and the ballots can also be counted by hand.

Surely there are more than enough reasons

[A+beautiful+mind]

...why voting machines can't work:

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence."

ATMs are much easier to make. The ATMs _can_ trust the bank. The user can easily verify if the ATM works or not because they leave a "paper trail" (um hello, if it wouldn't give precisely the amount of cash out that you requested, wouldn't it be a little bit suspicious and wouldn't people have noticed it?).

Voting machines cannot trust neither the user, nor the authorities and to top it off it has to be verifyable to both. In short, a much harder problem.

The requirements to verify the voting process if paper ballots are used: being a non-retarded human being and a small amount of time.
The requirements to verify the voting process if voting machines are used: electrical engineer and programmer proficient in all related languages and access to the source code, months of time verifying the voting machine, then making sure the voting machine used at the election is the same one you verified.

If you look at it from the average person's perspective: in the first case the voting process is transparent for the average person. They understand and if they want, can verify the local process. Paper voting also gives a much better accountability to the overall picture. You generally count the votes locally, then make a official log about it, send the result up in the chain. Then when the overall results are known, you can check the website or whatever to see whether the numbers up on the website about the local results match with your local results you have in your hands. I know that if they didn't it would be found out pretty quickly because at least some people do make this comparison. So now we know that the local results on the website match the local results in the local voting stations. Now you can just simply add up the local results to check the big picture, whether it matches. At least some people will do that, so you can be reasonably certain that the results are pretty accurate, because to tamper with the outcome you would have to modify things on a local level at lots of places simultaneously and since we're talking about paper you'd have to involve a lot of people so we would know about it if someone attempted it.

In the second case, even if you would have the overlapping skill requirements to verify stuff, you still need to have the time and the access. Then, votes are tabulated not at a local level, but a step above, at a regional level, so you reduced the number of places you would have to tamper with in order to skew the voting process. Since it is a complex electronic process which few people understand exactly, you can modify the results involving much less people and can do it in a much more stealthy way. Since it is electronic, carrying out the act on a wholesale level is not a problem for the bad guys. You got to ask the question one time: which is easier: simultaneously manipulating a few tonns of paper scattered across the whole country when they are guarded by thousands of people, or voting machines coming from two main sources, two companies which aren't guarded at all, or to be more precise, people are forbidden to guard them (source code-wise) and even if you would attack not at the source code level, but at the regional counting level, then it's still much easier to tamper with than with paper.

We have to face it: not even an open source voting machine is good enough. It's much easier to simplify the ballots to catch up with the only positive thing voting machines provide, than to design an electronic system capable of transparent, accountable voting. Even if you take a barebones microkernel/firmware voting machine, it is still a hundred thousand(*) times more complex than paper voting.

*I just pulled that number out of my ass, but I think most people underestimate the complexity difference between the two methods.

Why would I want Diebolt to regain its reputation?

[Project2501a]

You guys are missing the point:

Given that:
1) the CEO, all of current management, sales and computer programmers who kept their mouths shut, remain in place,
2) the CEO being the same person who pledged to bring the elections over to the Republicans,

what would a solid reason be which would give me ANY, even tiny, reason to put ANY amount of faith, back into Diebolt?

My Open Letter

Dear Diebold

After years of absymal performance, the public is understandingly distrustful of both your product and company. Don't fret, the world's expectations for the performance of the entire computer industry are quite low. Products don't even have to be good, just good enough.

So here are a few steps you can take to finally gain voter's confidence:

1. Under no circumstance should you release your source code. I know that earlier revisions have been distributed to the general public, and look at all the trouble that has caused. It is better to remain silent and thought a fool than to speak and remove all doubt.

2. Outsource, nobody ever got fired for outsourcing. Americans will celebrate knowing that many nations came together to build their democracy.

3. Encryption is an overrated buzzword. People love transparency in the democratic process.

4. Paper trails increase the price of an election for taxpayers. So do your patriotic duty and keep costs to a minimum. Besides, if the paper trail and computer result were different, it could create a lot of work and problems for your fine institution.

5. Another method to keep costs down is to minimize luxuries like manuals and support staff. Don't worry, elderly volenteers will learn how to operate and repair these systems with ease.

6. Hire a well known person to oversee my proposed inititives. I recommend Karl Rove, I'll bet he'll even pay you for this privilige.

7. To prove that the public knows that you are running this company for the love of democracy and not money, I'd recommend everyone employed by Diebold to dump their stock before doing anything else I have recommended. To get a fair price, you'll need to know about the status of the company, so build a Diebold Accounting program to count your assests (it shouldn't be too hard to fork your voting software). Remember that it is your corporate duty to release the results to the public.

To ensure that no politican could ever shut you down, claim that you have created many jobs. To bolster your numbers, claim that the dead work for you, if they can vote, why not make 'em work?

See you in 2008,
ac

I think they've got bigger problems

[Kris_J]

Now that the Democrats control both houses, I think Diebold is looking down the barrel of some serious election tampering charges.

Wait, who cares if diebold *can* do it?

[np_bernstein]

First off, the United states has MASSIVE Debt right now. Diebold, secure or not, is HUGELY overcharging. There are perfectly good alternatives which are OSS & Free. Now - I like open source, but I have no problem with commercial software. Hell I work at Microsoft. Voting systems are one place where the code should be open. This is one system that should be maintained by the public & the government and not a penny should be exchanged for it.

Now, I'm all for people making a living at developing commercial software. Diebold has smart people and they can figure something out to make a buck. Heck, as far as I'm concerned, if they can meet some standards they could sell the hardware. But - the US Debt per person is $28k each. Isn't there other things that we could be using the money we're spending on voting machines on? Here's some that I can think of:

• Balancing the budget
  
• Research & Development Grants
  
• Education Loans/Grants
  
• Small business loans/Grants
  
• public financing of elections
  

Anyway, just $0.02
-n

Is there any real chance of full disclosure?

[edwardpickman]

If there's a hand in the cookie jar full disclosure is highly unlikely. I said before the election was over that if the Democrats won in some of the close states there wouldn't be an inquiry because it might expose attempts to sway the elections by Republicans. With the Senate so close there hasn't been a whisper of opposition. Given how hard the Republicans fight I find it really telling that they aren't claiming fraud by the Democrats. I have a feeling the election wasn't so close but fraud managed to make it close but still couldn't win them the election. There were multiple claims of fraud and election problems on the day but everyone is letting it pass quietly. There needs to be a paper trail and the representatives from each party need to oversee security at every polling place. Even if it means flying Democrats into the deep south to balance things.

think bigger, and simpler

[pascalpp]

The problem with electronic voting machines is dwarfed by the problems inherent in the way voting is done in most states. Oregon has been using vote by mail for 10 years and they consistently have higher voter participation than every other state and practically no fraud. What's more, voters are better informed about the candidates and issues they're voting for and have time to research before voting. To learn more, check out: http://www.votebymailproject.org/whyvotebymail.htm l Electronic voting is cool, especially for a user interface geek like me, but in this case, simpler is better.

Those damn tags!

[GFree]

So... many... traps

Is Slashdot infested with mice (or other vermin) to require so many itsatrap tags or what?

Public votes have no place among corporate persons

[tykinnison]

The point, I hope, that does not get dimissed, is that our votes have absolutely no place being counted by private interests. None.

Irrational company bashing

[fortinbras47]

How much of the criticism of Diebold is legitimate and how much is over the top political grandstanding?

I don't know quite how it happens, but through some process, it becomes in vogue to completely hate and irrationally bash a company. For a while it was cool to hate Nike, but then people got over it. Same with the GAP. (Maybe its the millions they spend on ads.) Now the latest is for all the politicians to bash Walmart. Hillary Clinton returned Walmart's contribution to her campaign "because of serious differences with company practices." She USED to sit on the Walmart board, and it's not like they made some dramatic change in strategy. Academic studies show that Walmart provides the same kind of wages and benefits as other companies in the retail sector, but that doesn't seem to affect the Walmart criticism.

Techy people love to hate Microsoft, sometimes for good reason, but much of the stuff you read on Slashdot is beyond way out there. My impression is that the anti-Microsoft crowd is getting smaller. Nobody seriously talks about breaking Microsoft up into separate companies anymore, even though Microsoft is roughly about as dominant in the OS and office suite market as it has ever been.

PR is expensive, and I guess giving up the vote machine business may be Diebold's only way to get out of the political target sight.

Not likely

[eclectro]

The same hubris that made them lie on the video in "hacking democracy" will lead them to ignore this letter. I poll watched Tuesday for a couple of hours, and even though there was the veneer of smooth operation here, in actuality there were numerous unseen problems/potential problems.

• Poll workers were not familiar with the technology. They all know what a computer is, but they don't know what happens inside the computer. Like the difference between "registering a vote" (best for a testable system) versus actual "counting the vote" as the individual Diebold machines do.
• These machines (unlike the ones in Virginia) do produce a paper tape of the votes. I bet Diebold, being the cheapskates they are, used the same printer used in the ATMs. The printer housing protrudes about 10 inches away from the touchscreen. So when the voter stands at the machine to vote the printer is at the side of the voter so the voter can not see it. I saw only one person watch what was printing, and he had to do this by stepping back from the machine after pressing each selection. Everybody else just ignored what was being printed.
• There was numerous problems with inserting the voter card into the machine. Even though the voter put the machine in the card, it seemed to occasionally have a hard time accepting it, and it hung up a few people. A small detail, but with thousands of voters vying for a few machines and poll workers needing to attend to it, it has the cumulative effect of making the lines longer.
• The elderly, handicapped, and infirm all seemed to universally struggled with the machines. While they may normally struggle with any voting, I overheard one person tell her caregiver and these were her exact words "those machines are hard." Her caregiver responded and said "no, those were easy" which brings up the next critical point;
• Everybody liked the computer touchscreen. We are a nation that for the most part embraces new technology. But because "it's a computer automatically means that it's right" thinking takes over here. I heard many voters say "that's slick" or "that's neat." The public needs to be educated between the difference of "being slick" and "being correct." Election officials that had problems were quick to excuse it as "operating error" and big media inexcusably reported it as such, but clearly there are issues of usability that come into play with these machines. Giving voting machine vendors a pass on this is inexcusable. I think the election officials "defending their purchase" rather than address issues is wrong. And as voters think "Because it's a computer" does not make the machine and software operation and design correct (as any slashdotter will tell you), voting machine vendors should not take advantage of this to ignore problems.
• I wonder what the durability of the memory cards are. Maybe my fellow slashdotters could enlighten me as to the number of read/write cycles before they go bad. This needs to be a matter of public record. Remember, these cards are facing industrial duty with millions of votes cast. Are they rated for this use or did they get them from CDW? I bet they aren't. This seems like a potentially fatal election killer to me if one of those cards break, either from memory going bad or the physical bending of contact pins in the slot (I have seen that happen with other cards).
• While we have a paper trail, if there is a recount needed, how hard will it be for the election workers to read the votes in tape form? How long will this take? How accurate will it be, or will the recount only serve to confuse the outcome further or will it clarify it? As can be seen, the political climate is such that a recount happenning is guaranteed. Also, for all those machines without a "paper trail," because a recount is impossible (as it's just a re-tally), they should not be a part of an election syste

Flawed by design

[erroneus]

"The democrats won! No problem then right?"

Idiots. Shut up already. There were a lot of eyes on this election cycle. There was a lot of public and organized outcry about the use of Diebold software and equipment. There's a pretty good chance that any attempts to rig any of the elections were aborted.

It seems more than just a little strange to me that with all the public outcry against Diebold that it was implemented anyway. With such great public knowledge about the flaws [read: dangers] in the devices and systems, if these were cars, people would simply stop buying and driving them. The voters didn't often have any choice in the matter and when they did, it has been shown that they opted for some paper ballot form such as the absentee ballot. (There was a lot of paper balloting this cycle!)

To me, it seems like there was great resistance to KEEP the flaws in place in spite of public outcry. I'm still interested to know WHO wants to keep these flaws in place and why. I'm really wondering why people aren't asking that simple question and how that question didn't get exposed and used on the campaign trail? (Imagine a candidate campaigning with 'my opponent has ignored the public's interests by keeping these demonstrably unsafe voting machines in place!')

There were a lot of eyes on this election cycle and many people were poised to attack against election fraud. But just because democrats won of lot of elections this time around doesn't mean fraud didn't happen and that it wasn't perpetrated by democrats. I think the most significant thing here was that there were a lot of eyes on the elections. I hope we keep it that way and keep the public's interest in keeping it that way as well.

Electronic Voting Machines

I am originally from India and I am watching this thread about Diebold Electronic Voting Machines (EVMs) with amusement. Come on, even Brazil & India have better experience with EVMs.
      However, on a serious note, the Indian experience has a relevant takeaway. The EVMS are procured by a single entity, Central Elections Commission (CEC), which is similar, to the (toothless) US agency, FEC
      I live in NJ, home of 600+ Boards of Education. What has this done? Drive up the cost of Education and increase property Taxes.
        If FEC can procure EVMs (from different manufacturers), this will
                a. drive the cost of EVMs down. (The EVM manufacturers don't have to market their wares to each individual county)
                b. More importantly, FEC can demand a tougher security audit of these machinesand ensure that all the EVMs conform to a single Security mandate.
          Why does only the Federal Govt. decide things like National Security & minting of currency. Becuse these are matters of vital, national importance. I can't think that the proper tabulation of votes doesn't belong in the same category.

Beta Testing on Voters

[secondhand_Buddah]

Rob Mitchell is missing the point. You cannot run an election on beta software. You cannot use a real election as a beta testing process to debug your software.
Diebold should be treating their voting machines with the same reverance as NASA treats their operational platforms because, like space flight, there is no second chance in an election. You cannot just restart the process and continue. If a voting platform fails, the entire election process effectively fails. Diebold needs to do the job properly the first time, and if they can't then they must be man enough to admit it, and get out of the game early.

It's all about incentives

[rollingcalf]

Freakonomics logic applies here. It's all about the incentives.

Banks have far stronger incentives to ensure the ATMs work right, and you have more recourse if something goes wrong. If you lose money because of a faulty ATM transaction, you have enough time to follow up and recover it. Whereas with a voting machine, there are tight deadlines for calling the results, and once the results are officially announced it's too late. If something goes wrong and the bank loses money via the ATM, the banks eats the cost, which gives them an incentive to ensure it does not give out too much money.

On the other hand, an electronic vote machine maker has much weaker incentives to do it right. It is actually against their interest to produce a paper trail, because that could expose the inaccuracy of the vote counts and reduce their future sales. In addition, the political leanings of the management or engineers give them an incentive to deliberately do it wrong.

The only way to give proper incentives to do it right is to (1) require a paper trail that can be recounted by humans and (2) manually count the votes from a random sample of machines, with the randomness based on a physical process like flipping coins after the polls are closed (2) order a manual recount of everything if the manual count of the sample differs from the machines by a specified margin, and (3) the supplier of the voting machines does not get paid if a manual recount is triggered.

Ultimately though, electronic voting is a solution looking for a problem. There is no need for it; other countries have shown that pure manual counting gets things done efficiently and accurately, as long as there are representatives from all major parties involved so they can watch each other. That the US is much bigger than those other countries is irrelevant; it is only required for states to report their results, and each state is not much bigger than those countries that run their elections nationally. In addition, the bigger the population of voters is the more counters you can get.

A Simple Exercise In Self-Auditing

[frozenray]

Exercise: Make a drawing on paper of what your system looks like from the point of view of people on the outside. Draw it in a similar fashion to how one might draw a house, or a favorite car.

A) If your picture looks like or includes any of the following objects, proceed to step C:

• A block of swiss cheese
  
• A large question mark
  
• A fat mall-cop with powdered sugar around his mouth
  
• A small child in a corner, crying, holding a security blanket
  
• A Diebold voting terminal
  

B) If your picture looks like or includes any of the following objects, proceed to step C:

• Fort Knox
  
• A medieval castle under siege with the invaders having boiling tar poured on them.
  
• A resettable Viet-Cong boobytrap with dozens of pigs already skewered on it
  
• The business end of a .357 Magnum
  
• An illuminated Jesus standing atop a Sun E10K
  
• A solid, faceless slab of hyperdense radioactive metal extracted from the heart of a neutron star
  

C) You need to increase your system's security.

Full credit for this one goes to /.er Bowie J. Poag (16898)

Look to Victoria

[argent]

Victoria, Australia is testing a new voting machine in elections this month.

They print out a standard ballot, which is deposited in the ballot box.

And they're counted by the same machines that count hand-filled ballots.

If Australia, with its complex transferrable vote system, can handle this... why can't the US?