Slashdot Mirror


Diebold Voting Machines Audited by California

Panaqqa writes "Diebold must be wondering what else can go wrong. Considering their arrogance in the past, their comeuppance is truly well deserved. The State of California's source code review [PDF] of the Diebold voting system has been released. Additional reports will be made available as the Secretary of State determines that they do not inadvertently disclose security-sensitive information. One wonders what it will take to convince voting machine manufacturers not to do things like hard coding passwords as '12345678.'"


  1. Oblig... by Tuoqui · · Score: 4, Funny

    12345678... That sounds like the password some idiot puts on their briefcase.

    --
    09F911029D74E35BD84156C5635688C0
    +2 Troll is Slashdot's way of saying groupthink is confused
    1. Re:Oblig... by brywalker · · Score: 2, Funny

      12345678... AMAZING! That's the same exact password I have on my briefcase!

    2. Re:Oblig... by tverbeek · · Score: 3, Funny

      The security code on my house alarm is 789456123... no one would ever guess that!

      --
      http://alternatives.rzero.com/
    3. Re:Oblig... by Martin+Blank · · Score: 4, Informative

      It's a paraphrase from Spaceballs, when the king of Druidia hands over the code to the air shield.

      --
      You can never go home again... but I guess you can shop there.
  2. Amazing.. truly amazing by JustNiz · · Score: 4, Insightful

    how after all the many serious screw-ups and warnings that Diebold has had in the past couple of years, this report shows they still didn't do anything at all to improve the situation.

    I often wondered how managers and CEO's that don't even have a clue get given companies to control. This level of obvious incompetence makes me wonder even more.

    1. Re:Amazing.. truly amazing by Vengance+Daemon · · Score: 4, Insightful
      I often wondered how managers and CEO's that don't even have a clue get given companies to control.

      It's really pretty simple: Many companies are no longer run by the visionary people that started them, they are run by accountants and "risk managers."

  3. Just use paper counting by Lars+Clausen · · Score: 4, Insightful

    Voting machines are a technical non-solution to a non-existing problem. Counting votes by hand in public view is almost as fast, has much fewer things that could go wrong with them, and is intrinsically open to public scrutiny like no machine system can ever be. Plus, it's cheaper. It works in Denmark, it should scale perfectly well to the US.

    1. Re:Just use paper counting by Durrok · · Score: 3, Insightful

      Whenever a story on the voting machines comes up many people present your argument. I find it fundamentally flawed however as counting by hand is extremely inefficient. Not only is it a slow, labor intensive task but it is also open to human error and other technical issues (hanging chads, etc). There is no real point of denying it, computer voting is coming. Instead of saying "Oh this new system doesn't work in its current incarnation, we should go back to the other method" we should be asking "The new method we are trying to implement is flawed, how should we change it?"

      --
      I keep telling myself I'm not the desperate type.
    2. Re:Just use paper counting by doom · · Score: 2, Insightful

      sommere wrote:

      Counting votes by hand works when there are one or two issues on the ballot. When you have ballots with hundreds of races, and amendments, etc. It does not scale well.

      And you think that the electorate can make intelligent, informed decisions when asked to vote on hundreds of issues? Democracy doesn't scale well up to that level, that's why we're stuck with a Democratic-Republic [1]

      Techie geeks have this amazing capability to focus on the wrong problem...

      [1] Or we were, before the New Regime took over.

    3. Re:Just use paper counting by Sparr0 · · Score: 2, Interesting

      No, tradition is why we are stuck with a Democratic-Republic. I am a proponent of direct democracy via direct representation. In short, everyone gets to vote on every issue, or they can delegate their vote to a representative (who can then delegate all of THOSE votes, and so on). I am sick and tired of being "represented" by someone who doesn't share ANY of my views. Or worse, someone who actively promotes the interests of corporations over their own constituents.

    4. Re:Just use paper counting by Anonymous Coward · · Score: 5, Insightful

      Working democracies are based on secret and unprovable votes and a transparent and voter verifiable voting process. The process is intentionally designed in a way which does not require anyone to trust anyone else. If you can come up with a computer voting system which does all that, let's hear it. Consensus among technology-minded people who have looked into the problem from a civil rights point of view seems to be that no computer voting system can work with secret and unprovable votes and at the same time be transparent and voter verifiable. (The basic idea is that, since computer systems are never verifiable as such, verifiability would have to come from being able to recount the votes in some independent way, but one would have to violate the secrecy or make votes provable to do that.)

    5. Re:Just use paper counting by vidarh · · Score: 2, Informative
      It is inefficient, but it doesn't need to be efficient, it needs to be accurate and efficient enough to be countable in a reasonable amount of time. And while an individual human is inaccurate, there is a paper trail that allowed another human or more to check the first human's work, which frequently or always does happen in most countries.

      Hanging chads is a bullshit argument - I've seen nobody argue that it isn't acceptable to use a voting machine that produces a printed voting card that's guaranteed to be valid.

      But for that matter, that's overcomplicating it. In Norway, voting is handled by pre-printed lists of candidates for each party (we have proportional voting, so in county elections each list may have up to 60 or so names on it depending on the size of the local council, in parliament elections up to about 20 depending on region), and while people may alter the lists (see below) the simplest way to vote that most people use is to simply pick one of the lists and drop it in an envelope that is then dropped in the ballot box.

      A rough count is then done simply by counting the number of lists from each party. It is simple, and it is extremely trivial to count and recount, and since any party can provide observers or people to participate in the counts there is accountability: Anyone participating in the count is under constant scrutiny and doing the count out in the open where a number of people can see any attempt at cheating.

      This system works for a country where typically at least around 12-20 parties raise lists for any election, depending on region and whether it's a local election or for parliament. For the US where you in most circuits have the choice between 2-3 candidates it would be trivial, and you could brightly color the list to make the count a total no-brainer. Handle other ballot issues separately.

      There is some complication in counting the number of votes for candidates for a party, as the order of which candidates are assigned to the seats won by each party is determined by the number of votes for that person. By default that is the same number of votes as number of lists of the party, but the number can be increased or decreased by certain allowed modifications of the list. Depending on whether it's a local, regional or parliamentary election, this can include for example adding names of people from other lists, altering the order or striking people off your list.

      Despite that it rarely takes more than a day to finalize the count and there are rarely conflicts over the results.

      Don't even think about arguing about how this only works for simple elections. In a local election for a county with 50 councillors and 12 parties raising lists, that means probably tabulating votes and alterations for at least 600 people (often somewhat more, as you also elect a number of people as stand-ins in case of sickness or other valid leave), which includes fractional votes (if you add someone from another list to the list you vote for, a proportional fraction of your vote is transferred to the list of the candidate you add)

    6. Re:Just use paper counting by houghi · · Score: 2, Insightful

      If it ain't broke, don't fix it. Voting by hand is not broke, so why fix it?

      The ONLY reason to fix it, is so it can be 'fixed' or so we can watch the outcome on the evening news, instead of two days later.

      --
      Don't fight for your country, if your country does not fight for you.
    7. Re:Just use paper counting by vidarh · · Score: 2, Informative
      Sure it does. In a typical local election in Norway, a largish county essentially will have to tabulate votes for 500-600 candidates (there are 63000 candidates for the next local elections in Norway, or about 1.4% of the population), which include fractional votes (transferred from other lists, as you can vote for a party, but still "tack on" your favorite candidates from other parties to give them a fraction of your vote). Despite the complexities of that voting system (it's a proportional system with lots of little wrinkles like the partial transfer mentioned), the results rarely cause conflicts or recounts and the results are generally complete or close enough within a day. Since vote counting is a trivially parallelisable problem, I simply don't see the problem.

      Electronic voting is a "solution" that's only on the table due to massive lobbying from companies seeking to cash in on it that's managed to coopt the debate over how to fix a flawed paper system that would've been trivially fixable just by altering the ballots used.

    8. Re:Just use paper counting by Brett+Buck · · Score: 2, Insightful

      Well, obviously, it was a very serious problem in Florida in 2000. Ultimately it was proven, even by partisan hacks, that Bush would have won, but it would have taken 6 months. So paper vote counting certainly is a "problem".

      That doesn't mean that electronic voting is the solution, of course.

      Brett

    9. Re:Just use paper counting by Grave · · Score: 2, Informative

      I'm guessing you're from Norway, so I'll excuse you for not understanding how American government works. You see, the people we elect to "represent" us believe that existing laws are meaningless if they themselves did not write them the previous term. So any issues that arise will need entirely new legislation drafted, often with the help of the corporations and lobbying groups that funded their campaign. Hence, a simple fix to a broken paper ballot system isn't sufficient. No, we need entirely new laws and methods to be created, and make them as expensive as possible while sounding as awesome and clever as possible. Also, at least one additional item must be added to each piece of legislation that is totally unrelated, such as funding for a new music program for the local deaf and mute school. This way if the bill is blocked, the representatives who supported it can slam those who didn't for not caring about "the children" during the next election. That's how we do things in America. Brilliant, isn't it?

    10. Re:Just use paper counting by david.given · · Score: 2, Insightful

      Your vote was counted toward:
      Bob

      Good day, Mr. Smith. Mr. Jones would like to see your voting receipt now. Naturally I am sure that you voted as agreed in our little business arrangement, because if you didn't, Mr. Jones will be very upset...

    11. Re:Just use paper counting by iluvcapra · · Score: 2, Informative
      • Today and today only! 1230 AM is offering $2 for every election receipt you give us with "Bob" on it!
      • Come on in to mattress warehouse for our election day special! Get a free comforter with your mattress if you have a receipt for "Bob"!
      • Boss: Everybody vote today? Let's see your receipts! Uh... I wanna make sure you're all participating.

      If you put a voter's choice on the walk-away receipt, you commoditize the election completely, since the receipts become a call on a vote. You can print the choices on a sheet of paper, but it must be private to the voter and have no personal IDs or other data on it between the voter and the ballot box. No information associating a voter with a vote must leave the polling place.

      --
      Don't blame me, I voted for Baltar.
  4. Duuuuuuude! by iknownuttin · · Score: 4, Funny
    12345678... AMAZING! That's the same exact password I have on my briefcase!

    We have a psychic bond! I use that exact same password on my luggage and machines!

    We're password buddies!

    --
    I prefer Flambe as apposed flamebait.
  5. Eeeeeeek by GTarrant · · Score: 5, Insightful
    Imagine if Diebold, one of the major manufacturers of bank ATMs, hard-coded the passwords to every ATM as "12345678", or insisted to every bank that they couldn't get an ATM that gave people paper verification of their transactions, or that they couldn't guarantee to the bank that the internal records ATMs were reliable, and couldn't give any assurance that they were at all secure.

    They'd never sell a single one. No bank would accept an ATM that couldn't accurately track the thousand or so transactions that they see each day, or that anyone could gain control of by typing in a few keys followed by "12345678".

    And yet somehow (through much campaign cash, etc.) they managed to convince politicians that all that stuff would be too hard and unnecessary in voting machines, despite the technology already being available from the same company. That it's not hard to count accurately millions, even billions, of dollars in transactions each day, but that it's too hard to simply increase by one the count in the proper register to greater than a few percent accuracy. And despite numerous security incidents, they are still fighting tooth and nail these simple things.

    I'm not convinced electronic voting is necessary...but I'm wary of any politician that keeps trying to tell me there's no need to increase the security of such systems. Unless they say they're OK with their own banks using that kind of security, voting shouldn't use it either.

    1. Re:Eeeeeeek by xiard · · Score: 2, Informative

      That's a good point. Admittedly, though, the issues are somewhat different. If you could issue a magnetic unique card to each voter, with a PIN that the voter picked, and have every voting machine hooked up to a network enabling real-time guaranteed transaction against a centralized voting database, then I'm sure you could get the same kind of accuracy as ATMs.

      There's also the substantial issue of the requirement to handle processing all voters on the same day within a certain number of hours. That requirement, along with the rarity of elections, requires that you have a very large number of voting machines that are not permanently installed in a particular location. Imagine the logistical nightmare of having to quickly install thousands upon thousands of temporary ATM machines, hook up communications so they can communicate over a network in a completely secure fashion, have them work perfectly for 12 hours or so, and then uninstall them and put them back in storage.

      I'm certainly not saying it couldn't be done, by any means. But comparing voting machines to ATM machines isn't exactly comparing apples to apples.

    2. Re:Eeeeeeek by lexarius · · Score: 4, Interesting

      Idea: install the voting machines permanently, all over the place. Let people vote whenever they feel like, within about a month of the normal voting date, and see real-time results. The rest of the time, the voting machines can serve as terminals through which people can walk up and inform their local, state, or federal representatives of their opinions on various issues that will be discussed/voted on soon. Maybe even let the people actually vote on things.

      Of course, DieBold shouldn't be allowed to touch this kind of thing, and someone will find a way to abuse it, but probably not any worse than we've got right now. I hope.

  6. Secure Cellophane Bank Vaults by Anonymous Coward · · Score: 4, Insightful

    It's a step in the right direction, but really, is an audit even needed?

    This is like building a nylon tent to hold your valuables, then performing an audit to evaluate the strength of its zipper. The entire concept is idiotic from the start.

    There's a simple solution to voting machine security: use paper ballots. The machines can help you fill them out, but the result should always be a paper ballot which is the authoritative record of your vote. Simple, easy, secure. Why isn't this being done? Who knows, but it's clear the concerns of the people in charge are something other than correct vote counts.

  7. Some code howlers from TFA by noidentity · · Score: 4, Informative

    From AV-TSX bootloader code:

    void GlibPutPixel(UINT xx, UINT yy, Pixel_t Color)
    {
    // Check for library not initialized or (x,y) out of range
            if(FrameBuffer != FALSE || (xx < USER_X) || (yy < USER_Y))
            {
    // Compute the frame buffer offset and write the pixel
                    FrameBuffer[FB_OFFSET(xx,yy)] = Color;
            }
    }

    TCHAR name;
    _stprintf(&name, _T("\\Storage Card\\%s"), findData.cFileName);
    Install(&name, hInstance);

    First uses logical OR instead of logical AND to check boundaries, second writes a string where there is only storage for one character!

  8. "Plausible Deniability", Anyone? by NickFortune · · Score: 5, Insightful

    One wonders what it will take to convince voting machine manufacturers not to do things like hard coding passwords as '12345678.'"

    I can almost imagine that being a deliberate ploy.

    "I'm sorry your honour, but one of our programmers (no longer under our employ) hard coded a weak password in complete disregard of coding standards. Regrettably, the weakness of the password has enabled certain parties to guess what it is, and thereby subvert the electoral process. But it's not our fault."

    Hanlon's Razor be damned. In cases like this we should start assuming malice unless they can prove stupidity beyond any reasonable doubt.

    --
    Don't let THEM immanentize the Eschaton!
  9. Maybe not so obvious by dereference · · Score: 2, Insightful

    If you believe this is nothing more than pure incompetence, then you too have been fooled. This level of incompetence is usually indicative of strong intent that Hanlon's razor will be used by others to essentially protect the perpetrators from punishment for their immoral and/or illegal activities. This is just another way to game the system.

    1. Re:Maybe not so obvious by Martin+Blank · · Score: 4, Interesting

      I believe that it can be (but not necessarily is) pure incompetence. Most developers that I've met have no business writing code that would be usable in a 'secure' environment, and the pen tests that are now done as a matter of practice on our outward-facing systems routinely rip our devs' work to shreds. It's gotten to the point that the developers want to know what methods will be used in the pen tests so that they can protect against them. We in the security group have steadfastly refused to provide them anything other than a timespan when the test will be happening, so that they know not to update code in the middle of it, and so that they can't do targeted coding before-hand.

      One of the major problems that I see is that the developers rely far too much on security by obscurity, no matter what the project covers, figuring that if the attacker can't see the code, then he can't see vulnerabilities, and they don't read enough about vulnerability research to understand how critically dangerous this is. They do things like requiring SSL for the front-end session, encrypting the back-end FTP transfer, and splitting off the management interface to an internal server, while leaving the access controls for the database identical for both systems, requiring only short passwords, allowing an inordinate number of password retries, using poor seeding techniques for session IDs, and leaving nearly-default configurations of the web server in place.

      I tend not to place as much value in accusations of malice as I do in observations of incompetence. When presented with a result like this from any random company, I am far more likely to attribute it to the latter, unless presented with some fairly strong evidence to the contrary.

      --
      You can never go home again... but I guess you can shop there.
  10. Sure it does. by khasim · · Score: 4, Informative

    The votes on 10 ballots are totaled and this total is recorded on a marker sheet placed on top. Then the bundle is tied up. (10 ballots)

    10 of those bundles are totaled on a different marker sheet and bundled together. (100 ballots)

    10 of those bundles are totaled on a different marker sheet and bundled together. (1,000 ballots)

    10 of those bundles are totaled on a different marker sheet and bundled together (10,000 ballots)

    And so on. The idea being that any individual bundle can be quickly verified or re-counted. And because it's all base 10, it is easy for MOST humans to visually verify the bundles themselves. The ones that can count to ten, that is.
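Added example, not part of the original comment: a C sketch of the bundle scheme described above, showing that each marker sheet is checked against the ten items under it and again by the sheet above it, so a changed sheet or ballot is pinned to a specific bundle. The sample data (1,000 ballots for a single candidate, every third ballot a vote) and all names are constructed for illustration.

```c
#include <stdio.h>

#define FANOUT   10    /* items per bundle, as in the comment */
#define LEVELS   3     /* bundles of 10, 100 and 1,000 ballots */
#define NBALLOTS 1000  /* constructed sample size */

static unsigned char ballots[NBALLOTS];       /* 1 = vote for candidate A */
static int sheet[LEVELS][NBALLOTS / FANOUT];  /* sheet[l][i]: total written on that marker sheet */

struct bad { int level, idx; };               /* one inconsistent bundle */

static int bundles_at(int level)
{
    int n = NBALLOTS, l;
    for (l = 0; l <= level; l++) n /= FANOUT;
    return n;                                 /* 100, 10, 1 */
}

/* Sum of the ten items directly under a bundle: ballots at level 0,
 * the marker sheets of the level below otherwise. */
static int sum_children(int level, int idx)
{
    int k, sum = 0;
    for (k = 0; k < FANOUT; k++) {
        int child = idx * FANOUT + k;
        sum += (level == 0) ? ballots[child] : sheet[level - 1][child];
    }
    return sum;
}

/* Fill the constructed ballots and write every marker sheet bottom-up. */
void build_count(void)
{
    int i, l;
    for (i = 0; i < NBALLOTS; i++) ballots[i] = (unsigned char)(i % 3 == 0);
    for (l = 0; l < LEVELS; l++)
        for (i = 0; i < bundles_at(l); i++)
            sheet[l][i] = sum_children(l, i);
}

/* Checking one bundle only ever looks at ten items. */
int verify_bundle(int level, int idx)
{
    return sheet[level][idx] == sum_children(level, idx);
}

/* Check every bundle from the top down; record up to max failures.
 * Returns the number of inconsistent bundles found. */
int audit(struct bad *out, int max)
{
    int l, i, n = 0;
    for (l = LEVELS - 1; l >= 0; l--)
        for (i = 0; i < bundles_at(l); i++)
            if (!verify_bundle(l, i)) {
                if (n < max) { out[n].level = l; out[n].idx = i; }
                n++;
            }
    return n;
}

int grand_total(void) { return sheet[LEVELS - 1][0]; }

int main(void)
{
    struct bad found[4];
    int i, n;

    build_count();
    printf("total %d, inconsistent bundles %d\n", grand_total(), audit(found, 4));

    sheet[1][3] += 5;                         /* a 100-ballot sheet is altered */
    n = audit(found, 4);
    for (i = 0; i < n && i < 4; i++)
        printf("altered sheet: level %d bundle %d fails\n", found[i].level, found[i].idx);

    build_count();
    ballots[427] ^= 1;                        /* one ballot differs from its sheet */
    n = audit(found, 4);
    for (i = 0; i < n && i < 4; i++)
        printf("changed ballot: level %d bundle %d fails\n", found[i].level, found[i].idx);
    return 0;
}
```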

  11. Re:fortify? by vidarh · · Score: 2, Insightful

    Didn't you even bother to read the sentence you quoted yourself? Fortify was used to find areas to investigate manually. These tools do have many shortcomings, but they do also find many legitimate problems. Using them to find starting points for manual investigations you might otherwise overlook is exactly the right way to use them. Believing them to produce a laundry list of actual problems is, as you pointed out, not.

  12. Not hand, mechanical paper counting by AHumbleOpinion · · Score: 3, Insightful

    Voting machines are a technical non-solution to a non-existing problem.

    Agreed.

    Counting votes by hand in public view is almost as fast, has much fewer things that could go wrong with them, and is intrinsically open to public scrutiny like no machine system can ever be. Plus, it's cheaper.

    Wrong on faster and cheaper. As the recount in some Florida counties showed in the 2000 US presidential election.

    Voting on paper is fine, but the paper should be mechanically counted. Hand counts should be a last resort when the machines are unable to read a vote or are malfunctioning.

    1. Re:Not hand, mechanical paper counting by sadr · · Score: 2, Insightful

      Let us say that a person making $10 / hour can count 1000 votes an hour. That's one cent per vote counted.

      Let us assume that a person can enter one vote in 20 seconds on a voting machine. Let us assume that voting machines are busy 10 hours on voting day. Each voting machine will "count" 1800 votes in a day. So for $20, you can count more votes than the voting machine.

      If each voting machine costs $400, it will take 20 elections to recoup your investment. And while there are multiple elections a year, you have to buy enough machines to handle the presidential elections every 4 years. Most elections (i.e. primaries, run-offs, etc.), the machines will be significantly underutilized, so only register a few dozen or hundred votes on average.

      It may not be quite as fast as a mechanical system, but it certainly would be a heck of a lot cheaper.

      Optical scan, i.e. standardized test style, isn't a bad way to have a machine count ballots, and leaves a paper trail, and is cheaper than the video machines (since you can use one machine for all of the votes), but probably isn't really that much better.

  13. California decertified all machines last night by Anonymous Coward · · Score: 2, Interesting

    Last night California decertified all of the electronic voting machines on the market. I thought that would be a bigger story today, but haven't seen it anywhere except for blackboxvoting.org

    1. Re:California decertified all machines last night by SSpade · · Score: 2, Informative

      That's misleading. They decertified them, then recertified them with some additional security requirements.

      See here: Elections chief gives OK to vote machines

  14. My favourite issue by The+Hobo · · Score: 2, Informative

    From page 51:

    Issue 5.2.24: AV-TSX startup code contains blatant errors.

    TCHAR name;
    _stprintf(&name, _T("\\Storage Card\\%s"), findData.cFileName);
    Install(&name, hInstance);

    Here, name is not a character array but a single character in memory. The stprintf function expects its first parameter to be a character array, so the programmer had to use the & operator to get the address of name, rather than its value. The result is an obvious buffer overflow. A string that includes the filename, which could be under an attacker's control, gets copied over whatever data resides in the memory region following name.

    That this code works at all seems purely accidental. Memory corruption occurs even when legitimate .ins files are used. An attacker who included a file with a long name or a name containing particular characters might be able to crash the program or, possibly, execute malicious code.

    This bug sheds light on the vendor's software engineering practices, because it is a very unusual error for an experienced C++ programmer to make. Characters and character arrays are very different constructs in C++. Students using the language for the first time might confuse the two, but experienced programmers who understand basic concepts like pointers would be unlikely to confuse them. The probability that an experienced C++ programmer would make such a mistake or overlook it during even a cursory review of the code is exceptionally low. This suggests to us that after this code was written it was not reviewed by any other engineers at Diebold.

    That's gold Jerry! Gold!

    --
    There is another kind of evil which we must fear most, and that is the indifference of good men. -- Boondock Saints
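Added example, not part of the original thread and not the vendor's code: a portable C sketch of how the two defects quoted in comments 7 and 14 are normally written, with the range check joined by AND and the path formatted into a sized buffer whose truncation is detected. The USER_X/USER_Y values, Pixel_t, FB_OFFSET, the buffer sizes and every function name here are assumptions; plain char and snprintf stand in for the Windows CE TCHAR and _stprintf.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed for this example: the page does not show these definitions. */
#define USER_X 320u
#define USER_Y 240u
typedef unsigned short Pixel_t;
#define FB_OFFSET(x, y) ((size_t)(y) * USER_X + (x))
#define INSTALL_PREFIX "\\Storage Card\\"

static Pixel_t fb_storage[USER_X * USER_Y];
static Pixel_t *FrameBuffer = NULL;   /* NULL until the library is initialised */

void glib_init(void) { FrameBuffer = fb_storage; }

/* The condition as quoted in the thread, reduced to a predicate that performs
 * no write: with OR, one true term is enough, so an initialised library
 * accepts every coordinate. */
int quoted_check_accepts(int initialised, unsigned xx, unsigned yy)
{
    return initialised || (xx < USER_X) || (yy < USER_Y);
}

/* Corrected check: all three conditions must hold before the write.
 * Returns 1 if the pixel was written, 0 if the call was rejected. */
int put_pixel_checked(unsigned xx, unsigned yy, Pixel_t color)
{
    if (FrameBuffer != NULL && xx < USER_X && yy < USER_Y) {
        FrameBuffer[FB_OFFSET(xx, yy)] = color;
        return 1;
    }
    return 0;
}

/* Build "\Storage Card\<file_name>" into a real array of known size.
 * Returns 0 on success, -1 if the arguments are unusable or the result
 * would not fit; on failure the buffer holds an empty string. */
int build_install_path(char *out, size_t out_len, const char *file_name)
{
    int n;

    if (out == NULL || out_len == 0 || file_name == NULL)
        return -1;
    n = snprintf(out, out_len, INSTALL_PREFIX "%s", file_name);
    if (n < 0 || (size_t)n >= out_len) {   /* error or truncated */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[32];
    int rc;

    glib_init();
    printf("quoted check accepts (100000, 5): %d\n",
           quoted_check_accepts(1, 100000u, 5u));
    printf("fixed check writes   (100000, 5): %d\n",
           put_pixel_checked(100000u, 5u, 1));

    rc = build_install_path(path, sizeof path, "a.ins");
    printf("short name: rc=%d path=%s\n", rc, path);

    /* Constructed over-long name: rejected instead of overrunning the buffer. */
    rc = build_install_path(path, sizeof path,
                            "a_constructed_file_name_longer_than_the_buffer.ins");
    printf("long name:  rc=%d path=\"%s\"\n", rc, path);
    return 0;
}
```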
  15. Re:Voting Machine == Ballot Printer by zCyl · · Score: 2, Insightful

    If a ballot-reader counts the votes, fine. We can have fast results without giving up accountability.

    Look it up. Ballot readers are compromised as easily as the original machines.

    An ideal arrangement is to have a printed ballot as the official ballot, and a supervised hand-counted count which is the OFFICIAL count. Then, the original voting machines can also perform an electronic tally themselves, and this electronic tally can serve as a check for the hand count. If the two differ significantly, something has gone wrong, and an audit must be performed.

    If the media want to report the electronic tally as a preliminary result, let them. Simply declare that only the hand count (which can be supervised) is official.
  16. Link to the official 'Top-to-Bottom' Review site by SpzToid · · Score: 2, Informative

    Top to bottom review docs:
    http://www.sos.ca.gov/elections/elections_vsr.htm

    Also the public hearing where a university computer science professor describes the results of the red team testing. The audio starts very poor but improves after 25 minutes, but I've ONLY been able to watch it *streaming* (which is a drag). The hearing is 6 hours long and if anyone can provide a download link, I'd be grateful.
    http://www.calchannel.com/search.php?date=073007&source=All&type=All&title=&Search=Submit

    At 5 hrs, 26 min. Jim Soper presents a very good technical rebuttal to the manufacturers official positions, and receives some good applause from the crowd.

    --
    You can't be ahead of the curve, if you're stuck in a loop.