Diebold Voting Machines Audited by California
Panaqqa writes "Diebold must be wondering what else can go wrong. Considering their arrogance in the past, their comeuppance is truly well deserved. The State of California's source code review [PDF] of the Diebold voting system has been released. Additional reports will be made available as the Secretary of State determines that they do not inadvertently disclose security-sensitive information. One wonders what it will take to convince voting machine manufacturers not to do things like hard coding passwords as '12345678.'"
Counting votes by hand works when there are one or two issues on the ballot. When you have ballots with hundreds of races, and amendments, etc., it does not scale well.
From AV-TSX bootloader code:
    // Check for library not initialized or (x,y) out of range
    // Compute the frame buffer offset and write the pixel
    void GlibPutPixel(UINT xx, UINT yy, Pixel_t Color)
    {
        if(FrameBuffer != FALSE || (xx < USER_X) || (yy < USER_Y))
        {
            FrameBuffer[FB_OFFSET(xx,yy)] = Color;
        }
    }

    TCHAR name;
    _stprintf(&name, _T("\\Storage Card\\%s"), findData.cFileName);
    Install(&name, hInstance);
First uses logical OR instead of logical AND to check boundaries, second writes a string where there is only storage for one character!
The votes on 10 ballots are totaled and this total is recorded on a marker sheet placed on top. Then the bundle is tied up. (10 ballots)
10 of those bundles are totaled on a different marker sheet and bundled together. (100 ballots)
10 of those bundles are totaled on a different marker sheet and bundled together. (1,000 ballots)
10 of those bundles are totaled on a different marker sheet and bundled together (10,000 ballots)
And so on. The idea being that any individual bundle can be quickly verified or re-counted. And because it's all base 10, it is easy for MOST humans to visually verify the bundles themselves. The ones that can count to ten, that is.
That's a good point. Admittedly, though, the issues are somewhat different. If you could issue a magnetic unique card to each voter, with a PIN that the voter picked, and have every voting machine hooked up to a network enabling real-time guaranteed transaction against a centralized voting database, then I'm sure you could get the same kind of accuracy as ATMs.
There's also the substantial issue of the requirement to handle processing all voters on the same day within a certain number of hours. That requirement, along with the rarity of elections, requires that you have a very large number of voting machines that are not permanently installed in a particular location. Imagine the logistical nightmare of having to quickly install thousands upon thousands of temporary ATM machines, hook up communications so they can communicate over a network in a completely secure fashion, have them work perfectly for 12 hours or so, and then uninstall them and put them back in storage.
I'm certainly not saying it couldn't be done, by any means. But comparing voting machines to ATM machines isn't exactly comparing apples to apples.
It's a paraphrase from Spaceballs, when the king of Druidia hands over the code to the air shield.
You can never go home again... but I guess you can shop there.
Hanging chads is a bullshit argument - I've seen nobody argue that it isn't acceptable to use a voting machine that produces a printed voting card that's guaranteed to be valid.
But for that matter, that's overcomplicating it. In Norway, voting is handled by pre-printed lists of candidates for each party (we have proportional voting, so in county elections each list may have up to 60 or so names on it depending on the size of the local council, in parliament elections up to about 20 depending on region), and while people may alter the lists (see below) the simplest way to vote that most people use is to simply pick one of the lists and drop it in an envelope that is then dropped in the ballot box.
A rough count is then done simply by counting the number of lists from each party. It is simple, and it is extremely trivial to count and recount, and since any party can provide observers or people to participate in the counts there is accountability: Anyone participating in the count is under constant scrutiny and doing the count out in the open where a number of people can see any attempt at cheating.
This system works for a country where typically at least around 12-20 parties raise lists for any election, depending on region and whether it's a local election or for parliament. For the US where you in most circuits have the choice between 2-3 candidates it would be trivial, and you could brightly color the list to make the count a total no-brainer. Handle other ballot issues separately.
There is some complication in counting the number of votes for candidates for a party, as the order of which candidates are assigned to the seats won by each party is determined by the number of votes for that person. By default that is the same number of votes as number of lists of the party, but the number can be increased or decreased by certain allowed modifications of the list. Depending on whether it's a local, regional or parliamentary election, this can include for example adding names of people from other lists, altering the order or striking people off your list.
Despite that it rarely takes more than a day to finalize the count and there are rarely conflicts over the results.
Don't even think about arguing about how this only works for simple elections. In a local election for a county with 50 councillors and 12 parties raising lists, that means probably tabulating votes and alterations for at least 600 people (often somewhat more, as you also elect a number of people as stand-ins in case of sickness or other valid leave), which includes fractional votes (if you add someone from another list to the list you vote for, a proportional fraction of your vote is transferred to the list of the candidate you add).
Electronic voting is a "solution" that's only on the table due to massive lobbying from companies seeking to cash in on it that's managed to coopt the debate over how to fix a flawed paper system that would've been trivially fixable just by altering the ballots used.
From page 51:
Issue 5.2.24: AV-TSX startup code contains blatant errors.
    TCHAR name;
    _stprintf(&name, _T("\\Storage Card\\%s"), findData.cFileName);
    Install(&name, hInstance);
Here, name is not a character array but a single character in memory. The stprintf function
expects its first parameter to be a character array, so the programmer had to use the & operator
to get the address of name, rather than its value. The result is an obvious buffer overflow. A
string that includes the filename, which could be under an attacker's control, gets copied over
whatever data resides in the memory region following name.
That this code works at all seems purely accidental. Memory corruption occurs even when
legitimate .ins files are used. An attacker who included a file with a long name or a name
containing particular characters might be able to crash the program or, possibly, execute
malicious code.
This bug sheds light on the vendor's software engineering practices, because it is a very
unusual error for an experienced C++ programmer to make. Characters and character arrays
are very different constructs in C++. Students using the language for the first time might
confuse the two, but experienced programmers who understand basic concepts like pointers
would be unlikely to confuse them. The probability that an experienced C++ programmer
would make such a mistake or overlook it during even a cursory review of the code is
exceptionally low. This suggests to us that after this code was written it was not reviewed
by any other engineers at Diebold.
That's gold Jerry! Gold!
There is another kind of evil which we must fear most, and that is the indifference of good men. -- Boondock Saints
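An added example, not part of the thread or of the reviewed source, showing corrected forms of the two defects quoted above: the GlibPutPixel range check and the path formatted into a single character. It is portable C, with char and snprintf standing in for TCHAR and _stprintf; FB_WIDTH, FB_HEIGHT, PATH_CAP and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the quoted USER_X, USER_Y and frame buffer. */
#define FB_WIDTH  320u
#define FB_HEIGHT 240u
#define PATH_CAP  64
typedef uint16_t pixel_t;
static pixel_t fb_storage[FB_WIDTH * FB_HEIGHT];
static pixel_t *frame_buffer = NULL;          /* NULL until fb_init() runs */

void fb_init(void) { frame_buffer = fb_storage; }

/* The quoted check joins its tests with ||, so any one true clause lets
 * the write through. Here the write happens only when the buffer exists
 * AND x is in range AND y is in range; failing any one test rejects it. */
int put_pixel_checked(unsigned x, unsigned y, pixel_t color)
{
    if (frame_buffer == NULL || x >= FB_WIDTH || y >= FB_HEIGHT)
        return -1;                            /* rejected, nothing written */
    frame_buffer[(size_t)y * FB_WIDTH + x] = color;
    return 0;
}

/* Format "\Storage Card\<name>" into a real array of known size.
 * snprintf never writes past cap and returns the length it needed, so an
 * over-long name is detected and refused instead of being truncated. */
int build_card_path(char *out, size_t cap, const char *file_name)
{
    if (out == NULL || cap == 0 || file_name == NULL)
        return -1;
    int need = snprintf(out, cap, "\\Storage Card\\%s", file_name);
    if (need < 0 || (size_t)need >= cap) {
        out[0] = '\0';                        /* never pass on a partial path */
        return -1;
    }
    return need;
}

int main(void)
{
    char path[PATH_CAP];
    fb_init();
    printf("x out of range -> %d\n", put_pixel_checked(FB_WIDTH, 10, 1));
    if (build_card_path(path, sizeof path, "update.ins") > 0)
        printf("%s (%zu chars)\n", path, strlen(path));
    return 0;
}
```

A caller that gets -1 from build_card_path should skip the file rather than retry with a shortened name.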
I'm guessing you're from Norway, so I'll excuse you for not understanding how American government works. You see, the people we elect to "represent" us believe that existing laws are meaningless if they themselves did not write them the previous term. So any issues that arise will need entirely new legislation drafted, often with the help of the corporations and lobbying groups that funded their campaign. Hence, a simple fix to a broken paper ballot system isn't sufficient. No, we need entirely new laws and methods to be created, and make them as expensive as possible while sounding as awesome and clever as possible. Also, at least one additional item must be added to each piece of legislation that is totally unrelated, such as funding for a new music program for the local deaf and mute school. This way if the bill is blocked, the representatives who supported it can slam those who didn't for not caring about "the children" during the next election. That's how we do things in America. Brilliant, isn't it?
That's misleading. They decertified them, then recertified them with some additional security requirements.
See here: Elections chief gives OK to vote machines
Top to bottom review docs:
http://www.sos.ca.gov/elections/elections_vsr.htm
Also the public hearing where a university computer science professor describes the results of the red team testing. The audio starts very poor but improves after 25 minutes, but I've ONLY been able to watch it *streaming* (which is a drag). The hearing is 6 hours long and if anyone can provide a download link, I'd be grateful.
http://www.calchannel.com/search.php?date=073007&source=All&type=All&title=&Search=Submit
At 5 hrs, 26 min. Jim Soper presents a very good technical rebuttal to the manufacturers' official positions, and receives some good applause from the crowd.
You can't be ahead of the curve, if you're stuck in a loop.
If you put a voter's choice on the walk-away receipt, you commoditize the election completely, since the receipts become a call on a vote. You can print the choices on a sheet of paper, but it must be private to the voter and have no personal IDs or other data on it between the voter and the ballot box. No information associating a voter with a vote must leave the polling place.
Don't blame me, I voted for Baltar.