Slashdot Mirror

← Back to Stories (view on slashdot.org)

Diebold Voting Machines Audited by California

Posted by CowboyNeal on from the who-didn't-see-this-coming dept.

Panaqqa writes "Diebold must be wondering what else can go wrong. Considering their arrogance in the past, their comeuppance is truly well deserved. The State of California's source code review [PDF] of the Diebold voting system has been released. Additional reports will be made available as the Secretary of State determines that they do not inadvertently disclose security-sensitive information. One wonders what it will take to convince voting machine manufacturers not to do things like hard coding passwords as '12345678.'"

17 of 159 comments (clear)

  1. Amazing.. truly amazing by JustNiz · · Score: 4, Insightful

    how after all the many serious screw-ups and warnings that Diebold has had in the past couple of years, this report shows they still didn't do anything at all to improve the situation.

    I often wondered how managers and CEO's that don't even have a clue get given companies to control. This level of obvious incompetence makes me wonder even more.

    1. Re:Amazing.. truly amazing by Vengance+Daemon · · Score: 4, Insightful
      I often wondered how managers and CEO's that don't even have a clue get given companies to control.

      It's really pretty simple: Many companies are no longer run by the visionary people that started them, they are run by accountants and "risk managers."

  2. Just use paper counting by Lars+Clausen · · Score: 4, Insightful

    Voting machines are a technical non-solution to a non-existing problem. Counting votes by hand in public view is almost as fast, has much fewer things that could go wrong with them, and is intrinsically open to public scrunity like no machine system can ever be. Plus, it's cheaper. It works in Denmark, it should scale perfectly well to the US.

    1. Re:Just use paper counting by Durrok · · Score: 3, Insightful

      Whenever a story on the voting machines comes up many people present your argument. I find it fundamentally flawed however as counting by hand is extremely inefficient. Not only is it a slow, labor intensive task but it is also open to human error and other technical issues (hanging chads, etc). There is no real point of denying it, computer voting is coming. Instead of saying "Oh this new system doesn't work in it's current incarnation, we should go back to the other method" we should be asking "The new method we are trying to implement is flawed, how should we change it?"

      --
      I keep telling myself I'm not the desperate type.
    2. Re:Just use paper counting by doom · · Score: 2, Insightful

      sommere wrote:

      Counting votes by hand works when there are one or two issues on the ballot. When you have ballots with hundreds of races, and ammendments, etc. It does not scale well.

      And you think that the electorate can make intelligent, informed decisions when asked to vote on hundreds of issues? Democracy doesn't scale well up to that level, that's why we're stuck with a Democratic-Republic [1]

      Techie geeks have this amazing capability to focus on the wrong problem...

      [1] Or we were, before the New Regime took over.

    3. Re:Just use paper counting by Anonymous Coward · · Score: 5, Insightful

      Working democracies are based on secret and unprovable votes and a transparent and voter verifiable voting process. The process is intentionally designed in a way which does not require anyone to trust anyone else. If you can come up with a computer voting system which does all that, let's hear it. Consensus among technology-minded people who have looked into the problem from a civil rights point of view seems to be that no computer voting system can work with secret and unprovable votes and at the same time be transparent and voter verifiable. (The basic idea is that, since computer systems are never verifiable as such, verifiability would have to come from being able to recount the votes in some independent way, but one would have to violate the secrecy or make votes provable to do that.)

    4. Re:Just use paper counting by houghi · · Score: 2, Insightful

      If it ain't broke, don't fix it. Voting by hand is not broke, so why fx it?

      The ONLY reason to fix it, is so it can be 'fixed' or so we can watch the outcome on the evening news, instead of two days later.

      --
      Don't fight for your country, if your country does not fight for you.
    5. Re:Just use paper counting by Brett+Buck · · Score: 2, Insightful

      Well, obviously, it was a very serious problem in Florida in 2000. Ultimately it was proven, even by partisan hacks, that Bush would have won, but it would have taken 6 months. So paper vote counting certainly is a "problem".

            That doesn't mean that electronic voting is the solution, of course.

              Brett

    6. Re:Just use paper counting by david.given · · Score: 2, Insightful

      Your vote was counted toward:
      Bob

      Good day, Mr. Smith. Mr. Jones would like to see your voting receipt now. Naturally I am sure that you voted as agreed in our little business arrangement, because if you didn't, Mr. Jones will be very upset...

  3. Eeeeeeek by GTarrant · · Score: 5, Insightful
    Imagine if Diebold, one of the major manufacturers of bank ATMs, hard-coded the passwords to every ATM as "12345678", or insisted to every bank that they couldn't get an ATM that gave people paper verification of their transactions, or that they couldn't guarantee to the bank that the internal records ATMs were reliable, and couldn't give any assurance that they were at all secure.

    They'd never sell a single one. No bank would accept an ATM that couldn't accurately track the thousand or so transactions that they see each day, or that anyone could gain control of by typing in a few keys followed by "12345678".

    And yet somehow (through much campaign cash, etc.) they managed to convince politicians that all that stuff would be too hard and unnecessary in voting machines, despite the technology already being available from the same company. That it's not hard to count accurately millions, even billions, of dollars in transactions each day, but that it's too hard to simply increase by one the count in the proper register to greater than a few percent accuracy. And despite numerous security incidents, they are still fighting tooth and nail these simple things.

    I'm not convinced electronic voting is necessary...but I'm wary of any politician that keeps trying to tell me there's no need to increase the security of such systems. Unless they say they're OK with their own banks using that kind of security, voting shouldn't use it either.

  4. Secure Cellophane Bank Vaults by Anonymous Coward · · Score: 4, Insightful

    It's a step in the right direction, but really, is an audit even needed?

    This is like building a nylon tent to hold your valuables, then performing an audit to evaluate the strength of its zipper. The entire concept is idiotic from the start.

    There's a simple solution to voting machine security: use paper ballots. The machines can help you fill them out, but the result should always be a paper ballot which is the authoritative record of your vote. Simple, easy, secure. Why isn't this being done? Who knows, but it's clear the concerns of the people in charge are something other than correct vote counts.

  5. "Plausible Deniability", Anyone? by NickFortune · · Score: 5, Insightful

    One wonders what it will take to convince voting machine manufacturers not to do things like hard coding passwords as '12345678.'"

    I can almost imagine that being a deliberate ploy. "

    I'm sorry your honour, but one of our programmers (no longer under our employ) hard coded a weak password in complete disregard of coding standards. Regretably, the weakness of the password has enabled certain parties to guess what it is, and thereby subvert the electoral process. But it's not our fault."

    Hanlon's Razor be dammned. In cases like this we should start assuming malice unless they can prove stupidity beyond any reasonable doubt.

    --
    Don't let THEM immanentize the Eschaton!
  6. Maybe not so obvious by dereference · · Score: 2, Insightful

    If you believe this is nothing more than pure incompetence, then you too have been fooled. This level of incompetence is usually indicative of strong intent that Hanlon's razor will be used by others to essentially protect the perpetrators from punishment for their immoral and/or illegal activities. This is just another way to game the system.

  7. Re:fortify? by vidarh · · Score: 2, Insightful

    Didn't you even bother to read the sentence you quoted yourself. Fortify was used to find areas to investigate manually. These tools do have many shortcomings, but they do also find many legitimate problems. Using them to find starting points for manual investigations you might otherwise overlook is exactly the right way to use them. Believing them to produce a laundry list of actual problems is, as you pointed out, not.

  8. Not hand, mechanical paper counting by AHumbleOpinion · · Score: 3, Insightful

    Voting machines are a technical non-solution to a non-existing problem.

    Agreed.

    Counting votes by hand in public view is almost as fast, has much fewer things that could go wrong with them, and is intrinsically open to public scrunity like no machine system can ever be. Plus, it's cheaper.

    Wrong on faster and cheaper. As the recount in some Florida counties showed in the 2000 US presidential election.

    Voting on paper is fine, but the paper should be mechanically counted. Hand counts should be a last resort when the machines are unable to read a vote or are malfunctioning.

    1. Re:Not hand, mechanical paper counting by sadr · · Score: 2, Insightful

      Let us say that a person making $10 / hour can count 1000 votes an hour. That's one cent per vote counted.

      Let us assume that a person can enter one vote in 20 seconds on a voting machine. Let us assume that voting machines are busy 10 hours on voting day. Each voting machine will "count" 1800 votes in a day. So for $20, you can count more votes than the voting machine.

      If each voting machine costs $400, it will take 20 elections to recoup your investment. And while there are multiple elections a year, you have to buy enough machines to handle the presidential elections every 4 years. Most elections (i.e. primaries, run-offs, etc.), the machines will be significantly underutilized, so so only register a few dozen or hundred votes on average.

      It may not be quite as fast as a mechanical system, but it certainly would be a heck of a lot cheaper.

      Optical scan, i.e. standardized test style, isn't a bad way to have a machine count ballots, and leaves a paper trail, and is cheaper than the video machines (since you can use one machine for all of the votes), but probably isn't really that much better.

  9. Re:Voting Machine == Ballot Printer by zCyl · · Score: 2, Insightful

    If a ballot-reader counts the votes, fine. We can have fast results without giving up accountability.

    Look it up. Ballot readers are compromised as easily as the original machines.

    An ideal arrangement is to have a printed ballot as the official ballot, and a supervised hand-counted count which is the OFFICIAL count. Then, the original voting machines can also perform an electronic tally themselves, and this electronic tally can serve as a check for the hand count. If the two differ significantly, something has gone wrong, and an audit must be performed.

    If the media want to report the electronic tally as a preliminary result, let them. Simply declare that only the hand count (which can be supervised) is official.