Slashdot Mirror
U.S. To Certify Labs For Testing E-Voting Machines
InternetVoting writes "In a clear counter to the recent criticisms of secrecy involving Ciber labs the National Institute of Standards and Technology (NIST) has issued recommendations (pdf) to the Election Assistance Commission (EAC). NIST recommends the accreditation of two labs, iBeta Quality Assurance and SysTest Labs. The recommendation, emphasizing the need for transparency, includes on-site assessment reports, lab responses, and on-site reviews for each lab. These reports shed much needed light into the process of voting machine certification. Learn more from the Q&As About NIST Evaluation of Laboratories that Test Voting Systems."
It sounded, prima facie, like progress was being made; but quoth TFA:
Call me cynical, but auditing opaque processes with equally opaque tests doesn't change much; I foresee a holographic sticker labelled “certified.”
I'd wager, furthermore, they expect us to buy it at face value.
When they get done fixing the broken system for certifying voting machines, how about an effort to screen the certifiable morons who keep getting onto the ballot?
will not only bring the process of voting into the 20th century, but it will allow a much faster recount of dead people's votes.... /sarcasm
Support NYCountryLawyer RIAA vs People
I take a black marker and complete an arrow next to the item I wish to cast my vote for. There is an election official next to the machine which reads in my ballot and electronically tallies my votes, along with the rest of the votes for that district. That way you have both a paper trail with the convenience of electronic tallying.
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
Are these new testers truly being paid to examine these machines completely and exhaustively, or are they being paid to run a script, and sign a document?
If it's the latter, then as long as the standards anywhere close to where they have been, we'll continue working with virtually whatever the voting machine companies assert is good.
Ryan Fenton
That politicians can't grasp the immediately obvious? Why do they even bother with electronic voting machines when:
How could any politician come to a conclusion that electronic voting machines make sense? There is no compelling reason to use electronic voting machines at all. The only possible explanation I see is that counties which bought electronic voting machines had county officials on the payroll of the voting machine makers.
The fact that they've been purchased seems to suggest that politics is already not quite as transparent as it should be.
The society for a thought-free internet welcomes you.
How will "recommendations" change anything? Don't we need laws that protect the integrity of the voting process? Just asking...
Let me guess: the auditors are political appointees?
Q:How many libertarians does it take to stop a Panzer division? A:None. Obviously market forces will take care of it.
some hacker group gets Mickey Mouse elected via electronic voting machines. I'm wondering if even then people will pay attention.
The society for a thought-free internet welcomes you.
Why is this just happening now after several years of use (and possible misuse)? Note to readers: this is a rhetorical question. I work for the cable industry which spends lots of money and time for years, certifying devices that get attached to the cable networks. I guess this is more important that ensuring the veracity of our voting systems. But this begs the question. The voting machines are only one link in the chain and perhaps not even the weakest link. Previous elections have quite possibly been affected by selective voter purges and mishandling of ballots--do provisional and absentee ballots even get counted? So, certification of the devices is a needed measure as is holding in escrow the source code of the devices. But this is not the only measure that should be taken.
"If god had wanted us to vote, he would have given us candidates"
"Gentlemen, you can't fight in here! This is the War Room!" -- Dr. Strangelove
Any election where your vote is secret can be rigged. There have been stories of boxes of paper ballots disappearing. If the e-voting machines gave you the voter a receipt with a vote ID number, and your vote was published(say online) how could elections be rigged? Would it be worth the invasion of privacy to ensure a secure voting system?
Libertarian Leaning Political Discussion Forum.
The simple, less deadly, less costly answer is.
Paper Ballots Hand Counted
Bradblog
Black Box Voting
WAKE THE FUCK UP!
Florida, 2000. Hanging chads. Confusing paper ballots. The electronic voting mess was supposed to prevent that from ever happening again.
Best Slashdot Co
This may be a step in the right direction but, as we have seen so many times, throwing more bureaucracy at a problem usually doesn't help much.
/. (I can't find the news item.). Has it been accepted and is it being used?
I simply don't understand the pigheaded stubbornness against using an open source operating system for voting machines. Voting is one of the key elements of our democracy and should be completely transparent. Sure, someone could/would/will find a way to cheat but openness in the process would at lest instill a little more confidence in the overall system.
I have a question for our Australian brothers and sisters. I know an open source operating system was written for voting machines there which was reported and discussed here on
I wonder how the previous elections' voting computers would fare, being put through the new tests... think diebold would like to see exposed just how many security holes there were in their last series of "machines"?
Is it just me, or is this another chance to create a group that will just suck all the money in and be corrupt? //Thanks God for being born in Canada ///Not that we are much different.
What is the likelihood that this group would be able to satisfy everyone and have enough power to keep elections from being rigged?
You guys are getting way complicated. Forget the punch-outs, the electronics, etc. Print a list of names with a box next to the name, and the voter puts an X in the box. Print a batch that is both in ink and in braille, with a raised edge around the box. Or maybe give the voter a ticket and have a few boxes in the booth. The voter just drops the ticket in the box corresponding to the candidate they wish. Print the name of the candidate in braille, in ink, and throw on a picture too, so the illiterate can vote.
Of course, we may need multiple screens for all the candidates; who wants to be on screen three?
Sheesh! Screen three? I thought you guys had a "two party system". How do you get three screen-fuls of candidates with only two parties? I live in a country where we have multiple parties, and the most candidates I've ever seen on a ballot was eight, or so.
When our name is on the back of your car, we're behind you all the way!
As was pointed out on slashdot yesterday http://politics.slashdot.org/article.pl?sid=07/01/ 18/152205, calling these things voting computers rather than voting machines gets the story across much better. People might wake up when they hear these things more accurately described.
=-+
Another one of NIST's big security certification schemes is NIAP. It's difficult to see it as anything but a failure. The "protection profiles" that systems are tested against sometimes explicitly assume a benign environment with no hackers. Hello, what's the point then? Also, the most common certifications don't involve source code verification or any other kind of strenuous testing. Just take a look at the list of crap that they have validated, including some products with absurd levels of vulnerabilities. Apparently, Microsoft Windows is very secure, according to NIST's NIAP. Note also that, because this is pay to play, many of the best security tools are completely missing from the list. If I had to bet money, I'd say that well-heeled companies like Diebold will make it through the testing despite a lot of vulnerabilities, and the public will be no better off.
You're got the right idea, but you're placing the blame with the wrong folks.
Protection Profiles are written by the organizations using NIST standards. If Microsoft (for example) chose create a really, really lame Protection Profile for their ToE (Target of Evaluation, in MS's case several of their flagship OSes), that's their crap/deception, not NIST's. A lame PP would be one that states the system will never be connected to a network, is protected from physical access, never has unsigned code running on it, etc etc.
NIST makes standards, but doesn't controll how they are used in the wild. It's like me saying "I'm a certified genius at age 30, but only when tested with materials designed for 4th-graders". There's nothing wrong with the test that was administered, but the *context and application* are all wrong. Several MS OSes are certified at EAL4 with totally bullshit PPs, but that's MS's evil deed, not NIST's.
EAL by itself means nothing.
EAL + PP gives you most of the picture.
REMEMBER - "EALs refer to the level of confidence in the conclusions of the evaluation, and not to the level of secrity the product provides".
With the first link, the chain is forged.
This democratic "victory" is simply a step in the republican stragegy to sweep in '08. By cheating to help their opponents, nobody will suspect that they are cheating when the constitutional amendment declaring Bush "President For Life and Beyond" and outlawing everything beginning with the letter "D" passes by a broad margin next spring.
Mickey Mouse wouldn't get elected. His sexuality would be questioned immediately. He walks around bare-chested, hangs out with a pantless duck, and has yet to produce a single offspring or even marry his girlfriend of 50+ years (not to mention that odd high pitched voice of his).
Bah! Goofy has a far better chance at the presidency. Now there's a complete fool I could respect!
Having the US 'certify' fair voting machines is like having Apple certify OS security. And as we know, this is a BAD month for Apple security (or rather, a revelation toward the lack thereof).
I'm not here to gather mod points, not that I think I have the writing ability to do so if I wanted to, and I can certainly understand that my post may not be interesting to anyone in particular but 'Redundant'? I think that's a stretch.
/.'s search function only covers 'posted' articles/comments; if by 'posted' they mean 'added to the database'. Firefox's 'Find' seems to have lost some of its functionality as well and routinely balks a large pages. Oh well, c'est la vie
Earlier today, someone complained of the same thing but I'll be damned if I can find it; not that it really matters.
It was Democrat demagoguery all along. Now that the Democrats swept 2006, electronic voting is the perfect embodiment of the "the will of the voter"!
If anyone stood up and said: "Pelosi, Reid and Dean stole the election!" they'd be escorted to the looney bin, where all the faithful of President Gore belonged in 2000.
...what in the hell is so god damn hard about making sure that a device records a selection that a user makes via a touch screen? What the hell about certifying that process needs to be kept as a 'trade secret'?
This is all a bunch of media-spin garbage to get people to buy into blackbox voting, which (and I apologize for my arrogance) anyone with half a brain should see, is a horrible idea.
As far as me and my tax dollars are concerned, all voting software should be open, methods transparent and certification records to be made public. There should be [b]NO PRIVATIZATION of ANY ASPECT of our DEMOCRATIC ELECTORAL PROCESS, EVER, FOR ANY REASON![/b]
This isn't rocket science and never has been, our current moronic whitehouse administration just wants you to think so.
It's just like the whole 'hanging chad' crap, it's just a distraction from what really needs to be done and shown.
There is NO secure way to have computerised voting.
We had a long established precedent that any citizen worth enough to vote could verify an empty box using nothing more than a set of mark I eyeballs. No programming needed, no electricity needed for that matter.
I don't care how many standards and computers and voodoo assurances you throw at it, computerised voting doesn't pass that minimal "normal human eyeballs" test. I don't care if the code is open or not, even if it is they can still hack it upstream at the next computer, or the nexct one, and you wouldn't know. When it comes to what ownership of the government is worth-ultimate power and trillions of dollars-temptation is too great, or force of blackmail, or whatever-it'll get hacked to pieces.
All you are doing with computers is swapping around the places and manners where *extreme* and easy large scale voting manipulation can occur. The old method was pretty hard to hack every voting ballot box, even a sdmall percentage, but with computers??? Large scale regional hacking possible, and you wouldn't know. Some got hacked in ye olden days,sure,ballot box stuffing, but having the ability to inspect the empty box, then stand around at night and verify the count, worked about as well as possible over the widest range of precincts.
Computerised voting is designed on-purpose to fake people out with "new shiny" blinkenlights, and that's about it. It's a scam to perptuate the one globalist party system so that this election's "fearless leader" chose by the globalists "wins"..
The old system wasn't broken so bad that we have to spend billions to completely finish smashing it to pieces.
Paper ballot, indelible pen for marking. No hanging chads, no voodoo "code" counting at some remote server buried in a locked basement someplace and three paid off dudes "verifying" it, none of that. It's lame. A simple ballot box and paper ballots are just fine for voting, and if it takes a-horror!-whole day to vote and another to count..who cares? Why don't we have a full 24 hour voting period *anyway*, what's with near bankers hours for voting? And we have run out of humans who can count, just adding simple sums? I don't think so.
The fair voting system favors the winner.
I mean, the fair voting system disfavors the loser.
LET'S HANG CHAD AGAIN!
The only thing new in this world is the history that you don't know.[Harry Truman]