Slashdot Mirror
California Sues E-Voting Vendor ES&S
Gustoman writes with news that the California Secretary of State has sued ES&S, a vendor of e-voting machines, for selling machines that were modifications of the model that has been certified. Apparently ES&S relocated two circuit boards, rerouted several internal cables, and changed some mounting bracket supports in their AutoMark A100 devices, named the modified version AutoMark A200, and sold 972 of them to five California counties. The changes sound somewhat trivial, but the certification contract specified that no "substitution or modification of the voting systems shall be made with respect to any component of the voting systems... until the secretary of state has been notified in writing and has determined that the proposed change or modification does not impair the accuracy and efficiency of the voting systems sufficient to require a reexamination and approval." The state is seeking a penalty of $10,000 per machine sold, plus the cost of the machines to the counties — almost $15 million in all.
If they are different enough for the company to give them a new model number, they are different enough to need recertification.
I was thinking the same thing. The problem is you can raise the bar high enough that corruption becomes viable for both sides. This case will hopefully make the chuckle-heads behind the voting machines realize that they need to be building bulletproof systems and not barely good-enough consumer goods. Think embedded system rather than an MS Access 'solution.'
a) They didn't think it was that big of a deal.
b) They forgot.
The actual error isn't terribly worrying, but the process failure that led to the breach of their contract, especially for something that could have been complied with quite easily, is not the sort of thing you want to see going on at a company that makes closed source voting machines.
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
Do you want your vote counted by people who can't read a contract? We used to have client documentation requirements of two ring binders for some and three ring binders for others. If we did it wrong, we would have lost 10% of the payment for a 20 million dollar machine. You bet the requirements were checked and double checked.
This case also serves as a warning that California will not take any crap from the vendors. It may prevent any further 'mistakes.'
SOME LINES FROM THE ARTICLE...
Does relocating two circuit boards, rerouting several internal cables and changing some mounting bracket supports mean an e-voting device must be recertified to meet state e-voting requirements?
The company also contended that the changes to the AutoMark A100 were so minor that ES&S was not required to submit them for review.
The only changes made to the devices were minor engineering modifications, according to ES&S.
Let me answer the question at the beginning of the article with a resounding YES!!!!!!!!!! YES YES YES! What if the software was written to act differently (cheat) if a bolt was in a certain place, if the color of some paint was different, or if something else was a cetain height? A company can just say "these are just minor changes that has nothing to do with the operation". You see, the contract was written to cover things like this. I am not saying the company had ill-intentions, but if they did violate the contract it's just stupid and - i guess if I can stretch it - a bit suspicious.
Really? Where shall we draw the line then?
There is surely enough electronics in these machines that it would be trivial to conceal a circuit that changes its behavior depending on how various circuit boards are physically mounted in a chassis, even when all the connections appear visually equivalent.
Without visibility of the source code, we have no idea what it's doing under normal circumstances, much less when bits inside of it as physically rearranged. Hell, even with full schematics and source code, things could be easily hidden in production units. No matter what we do, we're taking their word for it.
Get rid of the machines.
This is EXACTLY what happened with all those chinese product safety scandals. A safe 'certified' product gets produced in China, someone there decides to change something, and BAM the product turns out to be unsafe.
Certification is meant to be "I seen this product, I tested it, it is safe". If you then CHANGE that product, that means the test is no longer valid.
And yes, that is down to the size of the screws. In this case that would matter a great deal, voting machines are supposed to be tamper proof. Change the screws and it might be a lot easier to open all of a sudden.
If you work with products that are certified, then you must keep the product the same. Those are the rules, it is in the contract.
Really, with the recent stories from China I would think nobody would be stupid enough to think it a good idea when products are changed on the production line.
It don't matter that the changes may not have an impact, HOW ARE WE SUPPOSED TO KNOW.
The deal with this kind of situations is, you produce a product in X form. That is form is tested and gets certified. If you then change it, it has to be retested and recertified because without it that product has suddenly become untested and your word isn't good enough or we would have gone through the first testing and certfication in the first place.
Do you trust voting machine companies? You must be a diebold stockholder.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
The new Republican only software service pack was an upgrade to improve machine performance and simplify the voting process.
It is this simple.
The law REQUIRES Cerification of the Voting Machine to be used/sold. ESS had the A100 certified. They are allowed to sell the A100 in CA
ESS made a newer model the A200 and sold them uncertified to districts.
I don't care what the changes were, You put a sticker on it that wasn't there during certification its uncertified. PERIOD. Finish engineering the damn thing before submitting it for certification.
Let this be a lesson to the makers of these types of machines. ONLY CERTIFIED VOTING MACHINES are legal.
Frankly, I'm disappointed with you guys for your wishy washy interpretation just because we are a bunch of engineers doesn't mean we don't have to take their side when they violate the law. Especially wjen it comes to something so vitally important to our democracy.
I couldn't agree more with this comment from the Sec of State.
"ES&S ignored the law over and over and over again, and it got caught," Bowen said in a statement. "California law is very clear on this issue. I am not going to stand on the sidelines and watch a voting system vendor come into this state, ignore the laws and make millions of dollars from California's taxpayers in the process."
Thank You, that is all.
OSGGFG - Open Source Gamers Guide to Free Games
I see your point, but this is one of the reasons "mil-spec" parts cost so much. You get what you ordered, not what some vendor decided you might like instead. And those small differences add up. Cable locatons affect air flow and thus cooling. A very minor component change, such as a minor network chipset change, can swap network ports. And failing to notify the customer of the change is a very, very bad practice, especially in a sensitive system, because when a technician opens it up and two otherwise identical systems with the same model number don't match, foul play is going to be suspected.
I hate to tell you, but a change in the color of a key could be important. What if that change made the key unreadable to color-blind people? Or reduced the contrast so it was harder for a partially-blind person to read? These details can be important when you're dealing with something like a voting machine. Sure, maybe my scenarios don't seem likely, but they are possible, and thats why the government wants the chance to make the call, not the voting machine company. Notice that (at least the way I read this) the government of California isn't asking to re-certify trivial changes, they're merely asking to be notified of any change (no matter how minor) so that the government of California decides what is trivial, not the vendor.
What if they have some solid state gyros, that act differently based on said boards' positions. Or if that is so complex to accomplish for some idiots, who cannot fill in some papers; What if the PCB is designed in such a way that, when you use a one size bigger than standard nut, it acts as a jumper and changes results...
They had a contract. The supplier failed to follow it. Breach of contract is handled like this, I doubt the contract had anything about "just return it and go elsewhere" in it (also I'm not sure govt spending can be redirected as easily as that, remember that there's the whole lowest bidder thing to go through). Even if, that would cause additional costs for the govt because of the additional work to get another machine made. If a store sells you a product that's not what you told them you want that's fraud, if a supplier sells you something that's not what the contract specified that's breach of contract.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
http://www.news4jax.com/politics/3890292/detail.html "The software is not geared to count more than 32,000 votes in a precinct. So what happens when it gets to 32,000 is the software starts counting backward," said Broward County Mayor Ilene Lieberman. The article says that they'd known about the problem for two years and failed to fix it. http://abcnews.go.com/US/comments?type=story&id=2646802 Randy Wooten figured he'd get at least one vote in his bid for mayor of this town of 80 people even if it was just his own. He didn't. Now he has to decide whether to file a formal protest. http://backslash.slashdot.org/article.pl?sid=06/08/01/191235 The Open Voting Foundation's disclosure that only one switch need be flipped to allow the machine to boot from an unverified external flash drive instead of the built-in, verified EEPROM There has been tons of mishaps with those machines reported on slashdot alone... I certainly don't blame them for throwing the book at them and fining them for all their worth. It certainly sends across the message that the voting system is not to be fucked with and hopefully it can help prevent situations like the above.
bah.
The company obviously doesn't treat elections very seriously and should be smacked down.
An election doesn't just have to work right, it has to be SEEN to be working right - that is PART of the "deliverables". Otherwise people may rightfully get pissed off.
Say in an "old school voting system" you had a company in charge of transporting ballot boxes from the booths to the counting stations, and one of the trucks took a "minor detour" on the way, maybe for the convenience of the company or the employees (take a leak or buy a drink etc).
Sure, nobody might have tampered with the stuff, but the elections get "damaged".
How damaged who knows. The eventual losers could kick up a big fuss. You might piss off millions of voters.
The company obviously doesn't deserve to be in the election system business.
The USA spends so much money in Iraq on "regime change" AKA picking the leaders there, but when it comes to picking the leaders back home - "it's only a minor modification" or we'll let Diebold's rejects who wouldn't be able to make ATM machines build voting machines for us.
For me, it has always been surprising that you americans have all these problems with voting machines. Voting is a simple enough proccess, why would anybody need a machine to do it?
I think it's always better to do it the traditional way, you go there with your ballot and put it on a clear box, after somebody has checked that you are who you say you are, and that you are supposed to vote. Painfully simple, completely fool-proof. It takes a bit more people to do it, but it's just as being in a jury.
I see absolutely no downside about doing it the traditional way. Is there any reason to do it with machines in america, or you do it that way just because it's cooler?
Tis women makes us love, Tis Love that makes us sad, Tis sadness makes us drink, And drinking makes us mad.
The answer to your question is in your post.
It's true that voting is simple process. Rigging a vote, however, is not as simple; and printing ballots does not have as high a profit margin as selling a voting machine.
The reasons for the machines and the reasons for the non-traditional way are: to make more money for friends (and campaign contributors) of politicians and to facilitate getting the desired (and paid for) result from an election.
It has nothing to do with the intelligence or lack thereof in the American voting populace.
The US, being an enormous country, has a many levels of government. Unlike many other countries, it runs all elections for all levels of government on a fixed date (some Tuesday in November), rather than spreading them around the year. Of course, not every position is up for election every year, but still this means that the "ballot" contains tens if not hundreds of separate elections, ranging all the way from the US President to the county water board and the town mayor, not to mention multiple "ballot initiative" (direct legislation). Each election (especially president, governor etc) can feature tens of candidates (most of them irrelevant). Printed ballots are thick booklets; both filling them correctly and manually reading them is a non-trivial operation. Also, manually tallying the votes in these hundreds of elections takes a lot of time.
This is not to say that this was not done manually in the past, but certainly using computers greatly simplifies the process. I think the best solution is to use computers to generate the ballot, but only use computer counts provisionally. That is, the voter will step up to a computer and will make selections, after which the computer will print a filled ballot that can be optically scanned. The computer will also tally the votes giving a quick result for most of the races. Nevertheless, the printed ballots should be considered the official votes, the ones to be used if a recount is necessary. In important races (President, Governor) it's probably better to automatically count the printed ballots and only use the computer counts for provisional results. Note that this also allows for people to manaually fill their ballots if they feel like it.
Think about it.
In Europe minority votes count for something and you have more than 2 credible parties. That makes rigging an election far less valuable.
In the US just a few thousand votes in a key are brings your party from a lot of control (president) to very little (Democrats in the Senate and House can't get shit done).
With razor thin margins and 49% of the vote counting for nothing it is possible to subtly change the votes and drastically alter the political landscape.
In 2000 Florida was withing 1/100th of 1% (0.01%) and would have made Gore the president. I doubt there is many places in the rest of the world where so few people in such a small area could cause such a dramatic shift. This makes the risk/reward analysis in the US much different than other places with your minority reresentation and 3+ parties.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg