Slashdot Mirror

← Back to Stories (view on slashdot.org)

California Sues E-Voting Vendor ES&S

Posted by kdawson on from the black-letter-law dept.

Gustoman writes with news that the California Secretary of State has sued ES&S, a vendor of e-voting machines, for selling machines that were modifications of the model that has been certified. Apparently ES&S relocated two circuit boards, rerouted several internal cables, and changed some mounting bracket supports in their AutoMark A100 devices, named the modified version AutoMark A200, and sold 972 of them to five California counties. The changes sound somewhat trivial, but the certification contract specified that no "substitution or modification of the voting systems shall be made with respect to any component of the voting systems... until the secretary of state has been notified in writing and has determined that the proposed change or modification does not impair the accuracy and efficiency of the voting systems sufficient to require a reexamination and approval." The state is seeking a penalty of $10,000 per machine sold, plus the cost of the machines to the counties — almost $15 million in all.

12 of 185 comments (clear)

  1. Even as an e-voting opponent, this seems harsh. by bobdotorg · · Score: 1, Interesting

    I could understand Cal's concern if different IC's were used, or if code was re-flashed. But if the two machines had the same circuit diagram, same components, and code, this penalty seems zealous. I live in California, and it's painful to see bureaucratic zealots nominally on my side, but being far from reasonable. This particular error on the part of the voting machine company appears to be on the level of a failure to file necessary paperwork.

    --
    __ Someday, but not this morning, I'll finally learn to use the preview button.
    1. Re:Even as an e-voting opponent, this seems harsh. by deniable · · Score: 4, Interesting

      Do you want your vote counted by people who can't read a contract? We used to have client documentation requirements of two ring binders for some and three ring binders for others. If we did it wrong, we would have lost 10% of the payment for a 20 million dollar machine. You bet the requirements were checked and double checked.

      This case also serves as a warning that California will not take any crap from the vendors. It may prevent any further 'mistakes.'

    2. Re:Even as an e-voting opponent, this seems harsh. by mabhatter654 · · Score: 2, Interesting

      government lives and dies by paperwork. Vendors know this, govt employees know this. After all, a speeding ticket is just not following the "paperwork". Or how about Taxes, filing those properly is just some "paperwork" as well.

      When the military orders hammers they order an EXACT hammer, down to what color and finish... it's all very important to somebody so the specs have to be followed exactly, even if the hammer is functionally identical, that's not good enough. It's high time that computer and software people get the message and play by the same rules as other vendors when they produce their products. Software makers need to learn how to follow their OWN documentation and provide the exact documented service called for in the contract... when it comes to e-voting even 1 line of code errant is cheating, it would be as important as "just changing" a line item of your taxes because the form "works better" that way.

      The FDA and IRS and Military and Casinos and Banks all demand EXACT procedures when lives or money is on the line.... I'd say VOTING is even MORE important that the rules be followed. It's a fundamental shift in how software is expected to be provided and operated that's been LONG overdue. The whole attitude in software that it works "good enough" so release and move on has absolutely no place in the e-voting market any more than in banking or running the space shuttle... a certain large software Making Software firm refuses to be bound by those kind of contracts even when it's the military doesn't mean their underlings can get away with it forever.

  2. It may be more serious than obvious by Anonymous Coward · · Score: 2, Interesting

    Sometimes simple modifications substantially weaken security. The relocated circuit boards could make it easier to swap chips, or make targeted DoS attacks which can easily alter elections easier to effect. It's well know that most election districts have a history of voting for candidates of a certain party. If you knock a bunch of machines offline in just a few of the ones for the opponent, you can cause the lines to be long enough fewer people will vote, and unless it would be a landslide, the election results change. As for how to knock the machines offline? Instead of needing a NERF gun, perhaps the changes allow something as simple as a high power white noise generator with an antenna beneath a person's clothes to do the trick.

  3. Amazing, how can you be this stupid by SmallFurryCreature · · Score: 4, Interesting

    This is EXACTLY what happened with all those chinese product safety scandals. A safe 'certified' product gets produced in China, someone there decides to change something, and BAM the product turns out to be unsafe.

    Certification is meant to be "I seen this product, I tested it, it is safe". If you then CHANGE that product, that means the test is no longer valid.

    And yes, that is down to the size of the screws. In this case that would matter a great deal, voting machines are supposed to be tamper proof. Change the screws and it might be a lot easier to open all of a sudden.

    If you work with products that are certified, then you must keep the product the same. Those are the rules, it is in the contract.

    Really, with the recent stories from China I would think nobody would be stupid enough to think it a good idea when products are changed on the production line.

    It don't matter that the changes may not have an impact, HOW ARE WE SUPPOSED TO KNOW.

    The deal with this kind of situations is, you produce a product in X form. That is form is tested and gets certified. If you then change it, it has to be retested and recertified because without it that product has suddenly become untested and your word isn't good enough or we would have gone through the first testing and certfication in the first place.

    Do you trust voting machine companies? You must be a diebold stockholder.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  4. Re:Different Enough by leuk_he · · Score: 4, Interesting

    If they did not change the version number nobody might have noticed. Even not it it was sold with a buildin trojan. What does that say about voting with computers?

  5. I know what I would do... by Belial6 · · Score: 2, Interesting

    If I was a voting machine vendor, and I wanted to hide a hack, er... miss an accidental bug, in the original hardware, I would just have a ground point that enabled the alternate code. Then the only modification needed would be to leave off an insulating washer. Far less than the modifications done to this machine.

  6. Re:Any hope? by rucs_hack · · Score: 1, Interesting

    what an intriguing mix of insight and paranoid nonsense.

    Voting machines do not exist for people to buy elections. They exist because it monetizes the election process, allowing people to get wealthy by controlling a process that is required in a democracy.

    The problem is that it's potentially so lucrative, that these guys are rushing into the process, talking up security, trustworthiness and stability, whilst simultaneously ignoring those same things in the interest of gaining the mighty buck, and the mightier government contracts. I don't doubt there are dodgy dealings being employed to gain those contracts, but election fixing? Be serious. You can't spend much money in jail, and they'd go away for a very long time.

    Whatever, their aproach doesn't work, that's clear. They need to sort themselves out, or a new consortium of open source hardware and software bods need to step into this mess and offer decent replacements.

  7. Re:Any hope? by Cro+Magnon · · Score: 2, Interesting

    You can't spend much money in jail, and they'd go away for a very long time.


    To quote Aladdin in the Disney movie, "You're only in trouble if you get caught". Like most criminals, they don't expect to get caught.
    --
    Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  8. Re:Seduced by technology by TimTheFoolMan · · Score: 2, Interesting

    That is, as long as you're not physically unable to mark a piece of paper by yourself.

    For all its faults (and there are many), the Help America Vote Act (HAVA) came about because people who are blind or physically unable to mark a ballot had no way of voting independently and privately. To that end, their civil rights were not being addressed by the individual states, and the resulting legislation forced the states to come into compliance (well, everyone except New York).

    Prior to the DRE (Direct Recording Electronic) variants, we did all manner of technology things to try to eliminate the nefarious things that various groups would do to unfairly influence elections. Lever machines, scantron/marksense systems, and so on, were all attempts to get the "personal touch" that was so frequently applied, removed from the process. Lever machines seem to have had the best reputation, but even those were susceptible to tampering, in subtle (and frequently invisible) ways.

    Another issue in the US is the complex nature of voting rights. Voting laws and regulations are the province of each state, even when it comes to selecting the Electoral College representation for Presidential elections. For example, KY (where I live) could decide to choose its electors by flipping a coin, and our friends in IN or TN couldn't do a dang thing about it. As long as the states don't do anything that biases the process in favor of one particular group over another (such as male/female, white/non-white, non-disabled/disabled), the feds have no say in the matter.

    Lastly, you have the issue of US geography. There are many places in the US that are incredibly rural, where outsiders are simply unwelcome. Smart people, even federal agents, go into the hills of Eastern KY with caution, because they know that going in and throwing their weight around so carries a fair amount of risk. I know a former FBI agent who NEVER traveled into Eastern KY alone for just this reason. I would expect that each state has areas like that, where outside review of voting practices or oversight will not be received gladly. In those areas, the states are always looking for ways to get family/regional influence out of the process, because bipartisan oversight is so incredibly laughable.

    Like most issues on Slashdot, this is a lot more complicated than the average person (especially those outside the US, or with little familiarity with the US version of representative democracy) realizes. While I see no reason to cut ES&S any slack on this matter, I can sympathize with the difficulty of navigating the plethora of regulations and laws that such a company is subject to, should they choose to sell to more than one state in the US.

    Tim

  9. Re:Quite right. by Dirtside · · Score: 2, Interesting

    In Europe minority votes count for something and you have more than 2 credible parties

    As a U.S. citizen, I'd be happy with more than zero credible parties.
    --
    "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
  10. Re:Any hope? by bjorniac · · Score: 2, Interesting

    No. We elect a government and all the other ballots can go some other time. Why not have a presidential ballot that you do first, on paper, and then a machine in the next room for all the less important (ie local ordinances etc) stuff?