U.S. Bars Lab From Testing E-Voting Machines

joshdick writes to point out a NYTimes story on the decertification of Ciber Inc. from testing electronic voting systems. It will come as a surprise to no-one here on Slashdot that experts say the deficiencies of the laboratory suggest that crucial features like the vote-counting software and security against hacking may not have been thoroughly tested on many machines now in use. From the article: "A laboratory that has tested most of the nation's electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests... The federal Election Assistance Commission made this decision last summer, but the problem was not disclosed then... Ciber... says it is fixing its problems and expects to gain certification soon."

Hacking Democracy anyone?

[spammeister]

Never in a million years did I expect this to happen.

Personal experience with Ciber

[elrous0]

Having worked with Ciber before myself, I'm not surprised. They basically leech off government agencies foolish enough to hire them. They charge a lot of money to essentially tell government agencies what they want to hear (which, in this case was "The e-voting machines are fine"). Their actual research methodology is, shall we say, "suspect."

The real question

[morgan_greywolf]

The real question is whether or not Ciber were following their procedures, but why they were not. There should be a full-scale investigation into things like, oh, maybe how much money has passed between Diebold and Ciber, and how much stock ownership Diebold has in Ciber and vice-versa. If you want to know why things happen the way the do, one merely needs to follow the money.

so its a problem of documentation

[bhalter80]

Basically they've been bared from approving new machines until they add a step to their test cycle called "fabricate documents". Unless officials are overseeing (actively watching) the testing process there is no way to determine which tests were run and passed and which tests simply were documented as passing.

WTF?

[s31523]

All the news about voting machines being buggy, insecure, etc. is just ridiculous! Am I missing something terribly complicated in the requirements for how these machines should function? For shits sake they are glorified vending machines! Push A1 and you get a Hershey chocolate bar and H5 gets you a bag of BBQ chips. Now just replace Hershey chocolate bar with candidate A and BBQ chips with candidate B. Seriously, WTF is going on with these things!

Re:WTF?

[techpawn]

B7... DAMNIT! I wanted Skittles not the Republican...

Re:WTF?

[Dorkmaster+Flek]

WTF is going on is that when you push A1, you physically get a Hershey chocolate bar. With electronic voting machines, you get nada. Zilch. Nothing. Diddly squat. Oh, except for a little screen that says you voted for Candidate A, but how do you know? You didn't mark off a piece of paper that can be verified by hand. Your vote is now a series of bits somewhere in the magical land of cyberspace. Electronic voting only works with a verifiable trail, and that basically defeats the purpose of the electoral system because your vote can now be checked and hence influenced. Give me our good old fashioned paper voting up here in Canada any day.

Re:WTF?

[simm1701]

Paper print out for voter's records, paper print out on a roll visible behind safety glass screen that the voter can verify which is archived for verification - its not difficult - shop tills (checkouts) have been doing the same thing for years.

Re:WTF?

[mpathetiq]

I wanted a candy bar which was "HH" so I hit H twice, and fuckin' potato chips came out! They had an "HH" button! Christ - you gotta let me know! I didn't learn my AA BB CC's god god dammit dammit.

Re:WTF?

[OldeTimeGeek]

The Sequoia electronic voting machines that some of the California precincts use can do this, but only after you've already cast your vote. Unfortunately, the ballots have so many items sometimes that you can't show all of the results in the same window without making type that so small that it's unreadable without a magnifying lens.

Re:WTF?

[Thansal]

Down the hall from my office is a vending machine. The screen is fubar, and it is mostly empty. However every so often it gets restocked. The fun part is that if you start punching in random numbers it will start running the coils. The only reason there is anytihng left in it is that you can't get some of the coild to run at all. Yet they keep on restocking it!

Now, in this case all that happens is the idiot who ones the machine is out a nice chunk of cash (especialy as he keeps on restocking it). If this was to heppen with a voting machine it might be a bit of a bigger problem.
"Yes, I hit E7 tryign to vote for the Mr. X for the state legislature, however the screen flashed a bunsh of thigns then thanked me for voting and to let the next person use the machine."
Instead of:
"Yah, I hit E7 and then ever 2nd screw on the E line went off in order"

Things mess up, things can be broken into (Vending Machine Hacks).

Re:WTF?

[Viper+Daimao]

I like when you reach into the vending machine to grab your candy bar, that flap goes up to block you from reaching up. That's a good invention. Before that, it was hard times for the vending machine owners. "What candy bar are you getting?" "That one, and every one on the bottom row!"

Re:WTF?

[mpathetiq]

I wanna make a vending machine that sells vending machines... it'd have to be real fuckin' big!

Title misleading

[sjf]

I'm sure theres nothing stopping them from testing the machines, what they've been prevented from doing is approving them.

And the net real-world effect will be...?

[maidopolis]

I wonder whether this decertification will cause anyone to wonder about the advisedness of using these very same voting machines in elections?

After all, we would not want to use untested electronic equipment in other crucial areas of life, like medical equipment. Why allow them to run/determine elections?

Bigger problem -- waterfall process

[GGardner]

Even bigger than the immediate problems is the assumption that the waterfall method works for testing the correctness and security of software systems. Let's say that this testing organization finds a serious security problem with the already "finished" system, one that can't be quickly and easily fixed? What then? There will be huge pressure to force a quick fix in place. Instead, the security audit should happen in parallel with design and development, so security problems can be found and fixed closer to their commission.

Re:Bigger problem -- waterfall process

[aadvancedGIR]

No, what you are saying can work for internal validation, but here, we are talking about official certification.
1- it has a meaning only if it is performed on the exact system that will be delivered.
2- it absolutelly needs to be performed by an independant structure (they don't work for the audited manufacturer and have no financial interest in either aproving or rejecting the audited item).

Of course, it brings a less efficient process, but if those rules are not respected, the real reaction to the discovery of a bug may be "write that the test is OK or you're fired".

But why?

[PopeRatzo]

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

And not just replaced, but REPLACED RIGHT NOW with very little public input and negligible testing. Whenever I see such a huge rush to change something that's worked remarkably well for generations I get suspicious. When I see such a huge rush to change something that's worked for generations without any meaningful dialogue about whether it really should be done, I get even more suspicious.

When I see that same huge rush to change something upon which our Democracy depends, and that's been open to public scrutiny and has worked well for generations and replace it with some closed-source stuff that's not been sufficiently tested and the CEO of the company who provides said closed-source, easily hacked systems is also a major contributor to one of the political parties and who GUARANTEES DELIVERING A VICTORY TO THAT PARTY, I simply assume that the whole thing is pretty goddam crooked.

Re:But why?

[natoochtoniket]

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

It's really very simple. Paper records (such as ballots) are the evidence that can be used to verify the results of an election, or to prove when election rigging has occurred. If you want to rig elections without getting caught, it is essential that there be no evidence. Hence, the paper had to be eliminated from the process.

The only people who oppose paper ballots are the ones who want to rig elections.

Re:But why?

[Entrope]

I guess you don't remember 2000's election.. a large part of the push for electronic voting machines (and the Help America Vote Act, aka HAVA) was claims that older systems were inaccessible or misleading. Southern Florida's butterfly ballots, locales without Braille versions of the ballot, and others were seen as disenfranchising or miscounting votes. Those -- on both sides of the aisle -- who pushed for the change clearly did not think it through when setting deadlines.

Re:But why?

[forkazoo]

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

And not just replaced, but REPLACED RIGHT NOW with very little public input and negligible testing. Whenever I see such a huge rush to change something that's worked remarkably well for generations I get suspicious. When I see such a huge rush to change something that's worked for generations without any meaningful dialogue about whether it really should be done, I get even more suspicious.

In 2000, we realised that things were fucked up. Seriously, they really were. They had been for a long time, and we finally realised it. Florida shouldn't have gone down the way that it did.

So, after that mess happened, rather than a careful introspective discussion about the best way to ensure that democracy was served, some slick saleslobbyists showed up and the conversation went something like this:

"We have to do something!"
"This is something."
"We have to do this!"

Because the congresscritters knew that if they didn't look busy and make some noise at a press conference about how they passed legislation to save America and Freedom and that Democracy thingie, then they might get fired. They knew that the voters wouldn't read the bills. They knew the voters wouldn't deeply contemplate the bills. They also knew that if all hell did break lose, they would have another chance to have a press conference, pass another bill, and make some noise about how they saved that Democracy thingie that everybody talks about.

Re:But why?

[bigpat]

"Oh yeah because paper ballots were used so well to confirm the Florida elections in 2000 and sparking a constitutional crisis."

I consider paper ballots as where the person actually makes a mark with ink on a piece of paper, not some weird misconceived contraption where you punch holes in the paper with a poker. By that way of thinking even if the computer makes the actual mark you would still be calling it a paper ballot. Pen and paper, is it that inefficient that we are scrambling to get away from it?

Is it so hard to conceive of an imperfect world where people don't want to play by the rules, that election fraud is relegated to just another unfounded conspiracy theory in you mind?

I do think the motivations of some are very suspicious, but I think the motivations are probably more based on the desire to make money on voting equipment. That voting machines make election fraud easier and nearly undetectable maybe just a side benefit.

Oh and were those hanging chads really worse than a virtual electronic ballot? At least the malfunction in the system was detectable. In a computer, errors in programming or hardware, either intentional or not, would be somewhat abstracted from the final result. Personally, I would prefer that both I and the elected person know that there is some doubt as to the intentions of the electorate versus allowing a elected official to hold office without knowing that his or her election was the result of some funny business.

But yes, some people would rather live in a society without integrity where the conflicts and corruption is ignored for as long as possible. Short term peace at the expense of longer term integrity.

Re:But why?

[ajs318]

Only in the USA could a corporation's secrets be valued more highly than the Democratic Process.

Any voting system requires Universal Comprehensibility in order to be trustworthy. After all, how can you trust something that you cannot even understand? The use of Open Source Software is not enough: it restricts the set of people who can understand the system to competent programmers.

Elections should not depend upon any technology that is beyond the understanding of a school leaver with passing grades. Pencil, paper, slotted boxes, wire seals and hand-counting have been used successfully since democracy was first invented. Everybody can understand how they work -- and, just as crucially, all the potential failure modes.

What's more, using complex machinery doesn't change the failure modes, nor the need for vigilance. If the voting machines use a paper journal roll, someone still has to inspect each and every machine to make sure that the take-up spool is empty at the beginning of the election, and certify same by fitting a tamper-evident seal which prevents the machine from accepting votes. How is that any better than someone checking that each and every ballot box is empty, and sealing the slot with a tamper-evident seal?

Re:But why?

[bigpat]

Is it so hard to realize that the paper ballots/trails are just as susceptible to election fraud as electronic ballots such that electronic voting is just another unfounded conspiracy theory in your mind?

Yes, it is. Election fraud is much harder to pull off when it involves someone actually putting pen to paper. Logistics are important to election fraud because it has to involve as few people as possible and be very uncomplicated to assure success. Pressing a few buttons on a computer and having a voting history destroyed or writing a program that simulates vote casting is much easier and importantly could involve fewer people than physically creating individual frauds of paper ballots.

Oh well then, let me update my rant:

"This circle is half colored in. Obviously the voter intended to vote for my candidate."
"No, it's not completely filled in. Therefore this ballot is in error and doesn't count."
"This guy voted for Pat Buchanan, obviously his vote is incorrect."

Yes, the form of paper ballots matter. In my town we do well enough with having to connect an arrow with a magic marker. No it is not perfect and mistakes in "interpretation" could be made during a recount even asking people to make a clear mark. But the important thing is that there are clearly defined criteria for counting a vote that the average person can meet within a human margin of error.

My point to all this is that I voted in a county that had mechanical voting machines for nearly 50 years. They didn't have a paper trail. The only thing that was updated was a mechanical counter inside the machine that kept the tallies. These machines were opened during the day to check the counts (at which point they could also be tampered with) and at the end of the day these counts were read off and phoned to the central office then the counts were reset.

That would be just as bad as any other virtual ballot system, but I doubt you are describing the story in full. I too have voted on the machines with the little switches and the big lever, but I recall that there was also a roll of paper where a mark was made for each vote cast, which could be recounted if needed. I have nothing against this method, or for that matter computer ballots, as long as there is a physical record of the actual vote. What was lacking in the machine you describe, was a way for the voter to verify that the vote was recorded the way he or she voted.

What's the difference between the mechanical and the evoting ones? Ultimately nothing. Ultimately you have to trust the people running the system because otherwise Democracy means nothing because you don't trust your fellow man to properly vote or check your vote. I realize that's difficult when Bush is trying to orchestrate a coup to overthrow Democracy, especially after all those Diebold machines gave the vote to Republicans in this last mid-term election. But hey, that's how it goes.

The point is that you have to trust most people in a Democracy to do the right thing, but you can't trust everyone. The system must be designed so that individual corruption does not so easily corrupt the whole system. Computer balloting, especially without a voter verified paper trail, threatens this principal. In the past sure you could have a vast conspiracy involving hundreds of people strategically positioned at polling places to gum up the works in your opponents territory... so that what it took was a fairly elaborate dirty tricks outfit to steal an election. Now you have 5 or 10 people that know a thing or two about computers and find some vulnerability in the system and hack the election in a wholesale way.

Oh and it also becomes much more believable when the election machines stop working in a particularly busy district and the long lines reduce turnout and votes never even get cast. Much harder to justify those long turnout reducing lines when all someone needs is a pen and a surface to write on.

Though e

Outsourcing certification makes no sense.

[hey!]

OK, the government should not be in the business of designing and manufacturing equipment.

But why outsource the certification of equipment? This is precisely the kind of task that a government bureaucracy is best suited for: you have a routine task that is done by established rules and procedures. It's hard to see how a private company could outperform a government agency at apply a set of standards with unforgiving rigidity. The problem with government processes is that even good people working in them (of which there are many) are hampered by the bureaucracy's rules and culture, which limit the scope of individual initiative and judgment. In this case it would be a good thing.

The hard thing in the whole process is creating the certification standards. Here there is considerable use for consultants from academia and business.

What this suggests to me is that there aren't really standards. It looks like they just took the whole mess and swept it under the rug, letting the vendors select a sham certification organization.

This is an abdication of an important responsibility the government has. Not just to ensure free and fair elections, but to make sure it spends our money responsibly.

even if they did test, it would be of minimal use

[rakerman]

Almost all the required testing is about machine performance and durability. Very little of the testing has anything to do with hardware or software security.

Misleading headline

[EQ]

RTFA! Ciber is not banned from TESTING, but from certifying the machines as properly tested. This is due to Ciber not properly performing the tests, including completing the proper paperwork and observing the safeguards that ensure the tests are accurate. A better headline would be "Government Halts E-Voting Machine Certification - Testing is inadequate"

Sheesh. Come on /. Editors, you should at least *rad* the linked article you are posting and put a *proper* headline on it, rather than the misleading inflammatory crap that you used. KDawson proves yet again that he is an utter boob when it comes to editorial selection and headlines. Time to fire his ass.

Re:Misleading headline

[Kijori]

His point isn't that Ciber will keep testing, it's that the /. headline has a negative bias to it; it makes it sound like the Government banned an independent organisation from looking at the machines, which seems corrupt, when actually they were acting to try to increase the stringency of the testing.

Smash them

[demo9orgon]

If the machines and their code are still obfuscated by the next election then the machines should be destroyed.

If the government and it's anointed tools aren't up to the job then it's the duty of the citizens to take care of the problem. It's why we have the right to bear arms. It's why Thomas Jefferson's memorial has such pithy inscriptions. We sadly, currently, live in exactly the situation the founding fathers foresaw.

If the only effective protest is the destruction of the tools of misrepresentation, and if people are willing to die for their freedom and to protect their country and their constitution there shouldn't be any problem. We should fight the threats at home before exporting our expertise to damage others abroad at the behest of corrupt industries. Our politicians have been funded/emplaced by the very companies who seek to profit the most from a muddled vote. If voting is our one sure way of getting a message across then it needs the same kind of protection that the Constitution requires. It requires and demands the right of the citizenry to implement deadly force to secure it's own voice.

With the long lines and the availability of floors and blunt objects in polling places it shouldn't take more than an hour after polling facilities open to accomplish the task nation-wide.

And to all those citizens who think this isn't the solution, please reply with one that's rooted in reality, and not some "hugs and tea" fascimilie of reality.

Cheers.

Canadian Voting System

[ChunkyLoverYYZ]

I used to be ashamed of our technology on election day, but in light of news over the past several years, it really does seem to be effective. Paper, golf pencil, large 'X', thousands of volunteers to do the counting. Nothing to explain to voters, no fear of technology. Of course there's always the "people" element... corruption can only be reduced (hopefully) by technology, not prevented. Just my $.02.

What about one-time write ROM's?

[Radon360]

I've heard the debate go both ways about the pros and cons of electronic voting systems vs traditional ballots. Of course, each has their vulnerabilities.

If electronic voting machine developers are so bent on eliminating the paper trail, what about an electronic log that's designed with a physical limitation, such as one-time write memory? The machine would just burn a log entry after each voter finished voting. When you're done, you have a non-rewriteable memory storage device that reads something like voter 34 voted for W,X, and Y, voter 35 voted for X, Y and Z (think database record fields).

With something like this, you can go back and to some degree forensically reconstruct the ballots if a bug is suspected or found. Something like this would make it harder to make up a stack of forged ballots (a timestamp) or run the same scan sheet through the ballot scanner multiple times.

Sure, there's still vulnerabilities (missing log storage devices, perhaps even forged log storage devices), but it's something harder to forge than just using a pen and a ballot...and it isn't just a numerical count, either.

FWIW, during the last election. The city of Milwaukee ran out of ballots and several polling locations simply copied an unused ballot on a photocopier for additional ballots (!). Yes, they use the pen-marked scan ballots. Now there's an invitation for fraud.