Slashdot Mirror
U.S. Bars Lab From Testing E-Voting Machines
joshdick writes to point out a NYTimes story on the decertification of Ciber Inc. from testing electronic voting systems. It will come as a surprise to no-one here on Slashdot that experts say the deficiencies of the laboratory suggest that crucial features like the vote-counting software and security against hacking may not have been thoroughly tested on many machines now in use. From the article: "A laboratory that has tested most of the nation's electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests... The federal Election Assistance Commission made this decision last summer, but the problem was not disclosed then... Ciber... says it is fixing its problems and expects to gain certification soon."
Never in a million years did I expect this to happen.
I tried to think of a good sig, and this wasn't it.
Having worked with Ciber before myself, I'm not surprised. They basically leech off government agencies foolish enough to hire them. They charge a lot of money to essentially tell government agencies what they want to hear (which, in this case was "The e-voting machines are fine"). Their actual research methodology is, shall we say, "suspect."
SJW: Someone who has run out of real oppression, and has to fake it.
The real question is whether or not Ciber were following their procedures, but why they were not. There should be a full-scale investigation into things like, oh, maybe how much money has passed between Diebold and Ciber, and how much stock ownership Diebold has in Ciber and vice-versa. If you want to know why things happen the way the do, one merely needs to follow the money.
My blog
Basically they've been bared from approving new machines until they add a step to their test cycle called "fabricate documents". Unless officials are overseeing (actively watching) the testing process there is no way to determine which tests were run and passed and which tests simply were documented as passing.
All the news about voting machines being buggy, insecure, etc. is just ridiculous! Am I missing something terribly complicated in the requirements for how these machines should function? For shits sake they are glorified vending machines! Push A1 and you get a Hershey chocolate bar and H5 gets you a bag of BBQ chips. Now just replace Hershey chocolate bar with candidate A and BBQ chips with candidate B. Seriously, WTF is going on with these things!
I'm sure theres nothing stopping them from testing the machines, what they've been prevented from doing is approving them.
I wonder whether this decertification will cause anyone to wonder about the advisedness of using these very same voting machines in elections?
After all, we would not want to use untested electronic equipment in other crucial areas of life, like medical equipment. Why allow them to run/determine elections?
These voting machines sound so great that Diebold could export them to Cuba, Venezuela, China, Iran, and countless other countries for big $$$
There is most likely more information to this article that is not included. My concerns are....
f m
1. Cyber has been known for a long time as a "body shop". They have never been known as a certified testing lab.
2. What was to be provided in the Statement of work?
3. Is the customer looking at Certification and Accreditation with light security testing for the purpose of having an agency signed ATO or ITO or Common Criteria (EAL)ISO standard 15408 certified product. This is a huge difference as the first may just have documentation and light security testing.
Information on Common Criteria testing
http://niap.bahialab.com/cc-scheme/testing_labs.c
My guess is that the system owner was just looking for documentation and testing to support their system with the end result of a signed ATO and some issues identified through the process resulted in Cyber being removed.
It's just like Slashdot to make it sound like the problems that were discovered in the summer were just reported publicly, when they were actually disclosed almost 4 months ago.
Even bigger than the immediate problems is the assumption that the waterfall method works for testing the correctness and security of software systems. Let's say that this testing organization finds a serious security problem with the already "finished" system, one that can't be quickly and easily fixed? What then? There will be huge pressure to force a quick fix in place. Instead, the security audit should happen in parallel with design and development, so security problems can be found and fixed closer to their commission.
It becomes clearer why the US constitution has a 2nd amendment
It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.
And not just replaced, but REPLACED RIGHT NOW with very little public input and negligible testing. Whenever I see such a huge rush to change something that's worked remarkably well for generations I get suspicious. When I see such a huge rush to change something that's worked for generations without any meaningful dialogue about whether it really should be done, I get even more suspicious.
When I see that same huge rush to change something upon which our Democracy depends, and that's been open to public scrutiny and has worked well for generations and replace it with some closed-source stuff that's not been sufficiently tested and the CEO of the company who provides said closed-source, easily hacked systems is also a major contributor to one of the political parties and who GUARANTEES DELIVERING A VICTORY TO THAT PARTY, I simply assume that the whole thing is pretty goddam crooked.
You are welcome on my lawn.
Imagine if people filed lawsuits to stop or delay the elections this last time, to undertake a comprehensive review?
OK, the government should not be in the business of designing and manufacturing equipment.
But why outsource the certification of equipment? This is precisely the kind of task that a government bureaucracy is best suited for: you have a routine task that is done by established rules and procedures. It's hard to see how a private company could outperform a government agency at apply a set of standards with unforgiving rigidity. The problem with government processes is that even good people working in them (of which there are many) are hampered by the bureaucracy's rules and culture, which limit the scope of individual initiative and judgment. In this case it would be a good thing.
The hard thing in the whole process is creating the certification standards. Here there is considerable use for consultants from academia and business.
What this suggests to me is that there aren't really standards. It looks like they just took the whole mess and swept it under the rug, letting the vendors select a sham certification organization.
This is an abdication of an important responsibility the government has. Not just to ensure free and fair elections, but to make sure it spends our money responsibly.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Despite the fact that it is an unpopular word and will probably make me sound like a nut I say Conspiracy.
People are up in arms about a company that does software QA work not following its own procedures when analyzing voting machines?
Why?
Irrespective of who gets elected, they're not going to act on your behalf anyway.
Sorry to be a bit cynical about this, but voting machines are not how elections are being "stolen".
My opinions are my own, and do not necessarily represent those of my employer.
Almost all the required testing is about machine performance and durability. Very little of the testing has anything to do with hardware or software security.
RTFA! Ciber is not banned from TESTING, but from certifying the machines as properly tested. This is due to Ciber not properly performing the tests, including completing the proper paperwork and observing the safeguards that ensure the tests are accurate. A better headline would be "Government Halts E-Voting Machine Certification - Testing is inadequate"
/. Editors, you should at least *rad* the linked article you are posting and put a *proper* headline on it, rather than the misleading inflammatory crap that you used. KDawson proves yet again that he is an utter boob when it comes to editorial selection and headlines. Time to fire his ass.
Sheesh. Come on
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
"you should at least *rad* the linked "
And I should READ rather than just spellcheck my posts. "rad" apparently is a properly spelled word; LOL!
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
Give me our good old fashioned paper voting up here in Canada any day.
should read
Jesus Murphey, this system is hosed, give me our flippin paper and pencil crayon voting up here in Canada any day, eh gorby ?
If the machines and their code are still obfuscated by the next election then the machines should be destroyed.
If the government and it's anointed tools aren't up to the job then it's the duty of the citizens to take care of the problem. It's why we have the right to bear arms. It's why Thomas Jefferson's memorial has such pithy inscriptions. We sadly, currently, live in exactly the situation the founding fathers foresaw.
If the only effective protest is the destruction of the tools of misrepresentation, and if people are willing to die for their freedom and to protect their country and their constitution there shouldn't be any problem. We should fight the threats at home before exporting our expertise to damage others abroad at the behest of corrupt industries. Our politicians have been funded/emplaced by the very companies who seek to profit the most from a muddled vote. If voting is our one sure way of getting a message across then it needs the same kind of protection that the Constitution requires. It requires and demands the right of the citizenry to implement deadly force to secure it's own voice.
With the long lines and the availability of floors and blunt objects in polling places it shouldn't take more than an hour after polling facilities open to accomplish the task nation-wide.
And to all those citizens who think this isn't the solution, please reply with one that's rooted in reality, and not some "hugs and tea" fascimilie of reality.
Cheers.
Every new form of media has it's own Requirimento
Ha ha, nice to see Fark's linking to this Slashdot thread (*) has produced some improvements around here :-)
/. much recently, so my knowledge of memes may be out of date... or maybe those guys all moved to Digg (bleh)
When Natalie Portman and Hot Grits (**) team up with Ceiling Cat and O RLY owl, anything is possible!
(*) No, I don't know why they didn't link directly to the article.
(**) Haven't used
With all of the problems of e-voting, and the lesser problems of paper ballot voting, I think it has become obvious that what we need is secure tallying, not secure voting. We're pretty good at getting people to properly mark up a ballot, hanging chads notwithstanding. Counting them up seems to be the source of problems. Whether is poll workers stuffing boxes or throwing them in the river, or electronic machines silently changing scores, counting is the issue.
Voting boils down to this: we want each legitimate voter to be able to change the tally of each issue or office by exactly one vote. My solution is to make each voter responsible for counting the tally and incrementing this by one.
I haven't worked out all the details, but stay with me in this bit of 'political science fiction':
Imagine that you walk into a polling station. You already have your PGP voting string that belongs to you and you alone. It was mailed to you by the board of elections. Another voter has just finished voting, and she hands a PGP encrypted string of the tally back to a poll worker. The poll worker checks the strings, and they are still legitimate. She hands the strings to you. This is where the crypto-mathematical hoo-doo comes in: using your PGP voting string, you can only affect each office race or issue by exactly one yes/no vote, and still be able to hand a valid tally string back to the poll worker. If you try to add two votes, it corrupts the string. If you try to subtract votes, it corrupts the string. You vote appropriately, and the poll worker checks the hash or something, and sees that the strings is valid. At the end of the night, all of the tally strings are decrypted, added up, and winners are declared.
I am not a mathematician; I probably will never be able to figure out how to make these strings. But I don't see any reason it can't be done. It probably won't work exactly as I described, but I am just trying to spark the imagination of minds more powerful than mine.
Other people have mentioned systems where you get a receipt that you can use later to verify your vote. The problem with that is you *cannot* that your verified vote is affecting the tally without identifying your specific vote in the official tally. An optical scan might tell you that your ballot is for Candidate Jones and yes on Issue #15, but you don't know whether your ballot is in the official tally. If you looked at the tally, you will probably find several ballots that are exactly the same as yours -- yes on Jones and issue #15 -- but you don't know if any one of them is yours. A machine might count 40 ballots that are identical to yours, but only decide to keep 15. Those 40 votes might think their votes were counted if they bother to check, but they are all looking at the same 15 ballots, each thinking that theirs is in there.
Computers are useless. They can only give you answers.
-- Pablo Picasso
I used to be ashamed of our technology on election day, but in light of news over the past several years, it really does seem to be effective. Paper, golf pencil, large 'X', thousands of volunteers to do the counting. Nothing to explain to voters, no fear of technology. Of course there's always the "people" element... corruption can only be reduced (hopefully) by technology, not prevented. Just my $.02.
"You can surrender without a prayer, but never really pray without surrender" - NP
This past election cycle I was very impressed by my states handling of elections. They have reaffirmed their commitment to paper ballots and optical scanners. They have even gone so far as to buy machines that would fill in the paper ballots for disabled persons using touch screen technology.
I'm a geek. I loves my shiny bits of technology BUT when it comes to voting I just feel safer with something tried, true and an audit trail.
And that's quite like the problem some of the ... let's say less democratic states were and are in: If you can't trust the way your government came into power, you will not trust your government. If you don't trust your government, you will not support it. If you don't support your government, you'll work against it. If you work against your government, you work against your country.
In other words, not allowing those machines to be tested is about as unpatriotic as you can get.
Apologies, my irony tags are in the laundry. Apply them where they fit according to your judgement.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
and not some "hugs and tea" fascimilie of reality.
Actually, I think that something along the lines of "Boston Tea Party" might be appropriate in this situation. It's time to stand up for what is right, people!
I've heard the debate go both ways about the pros and cons of electronic voting systems vs traditional ballots. Of course, each has their vulnerabilities.
If electronic voting machine developers are so bent on eliminating the paper trail, what about an electronic log that's designed with a physical limitation, such as one-time write memory? The machine would just burn a log entry after each voter finished voting. When you're done, you have a non-rewriteable memory storage device that reads something like voter 34 voted for W,X, and Y, voter 35 voted for X, Y and Z (think database record fields).
With something like this, you can go back and to some degree forensically reconstruct the ballots if a bug is suspected or found. Something like this would make it harder to make up a stack of forged ballots (a timestamp) or run the same scan sheet through the ballot scanner multiple times.
Sure, there's still vulnerabilities (missing log storage devices, perhaps even forged log storage devices), but it's something harder to forge than just using a pen and a ballot...and it isn't just a numerical count, either.
FWIW, during the last election. The city of Milwaukee ran out of ballots and several polling locations simply copied an unused ballot on a photocopier for additional ballots (!). Yes, they use the pen-marked scan ballots. Now there's an invitation for fraud.
Did the check clear?
Hack them
If enough people with sufficient tools and expertise agree to totally bork these machines on election day so bad that, when the votes are tallied, it's painfully obvious that they have been tampered with (say, negative votes, or clearly far more total votes than the total population), you'll have a genuine catastrophe on your hands.
Although a few machines might get damaged by your approach, the police or even national guard will see to it that the majority of machines are not damaged. However, if the tampering is not evident until it's time to count the votes, the effect would be staggering and probably garner world attention.
but I'm daydreaming...
A goal is a dream with a deadline
I believe there is an old russian saying, "The voters decide nothing, he who counts the votes decides everything."
>Paper print out for voter's records
And the voter's abusive husband's scrutiny, and the records of the person trying to buy the vote, and any union, employer, or church that wants to coerce the voter. The need to keep the vote anonymous and secret seriously complicates the job of designing a voting system.
...early in '06. There were only three labs approved to test voting machines, Ciber, Wyle and Systest.
i fornia-ITA-hearings-27281.pdf
Ciber and Wyle are in Huntsville AL, right next to the Redstone arsenal. They mostly do military gear testing, voting systems are a sideline.
Systest is in Colorado and *might* be the most competent of the bunch. Wyle and Ciber were the two used most by Diebold.
All three labs were invited to testify in California. Ciber was a no-show.
The other two come across as complete loons, Wyle especially. There is a transcript up of the hearings here, plus a link to the original MP3:
http://www.bbvforums.org/forums/messages/2197/Cal
Isn't this why the parent suggested displaying it behind a safety glass screen? I don't think the point was to allow a voter to take a receipt home with them. Rather, it's intended to let them confirm that a correct paper record has also been made of their vote before they leave the booth, in case a paper recount is necessary.
The only extra requirement I'd consider adding is the ability for the voter to cancel their vote if they disagree with the paper ballot. This should be by a visible mechanical means that the voter has clear and understandable control over. eg. Push lever marked "Correct" to control the door that drops the paper record into a ballot box. Push lever marked "Wrong", and watch the other door open to drop the paper record into a flaming pit where it's incinerated, after which the digital part of the machine allows the voter to cast an alternative vote.
Digital records basically aren't trustworthy in an election, no matter what, because you can't simply look at a computer or digital device and see what's happening inside. This is why the paper records should always be authoritative in case of any doubt, and digital records should only be used as a conveniently faster counting mechanism to have on the side. The complication is being able to make as difficult as possible for the two records to become inconsistent with each other.