Damning Report On Sequoia E-Voting Machine Security

TechDirt notes the publication of the New Jersey voting machine study, the attempted suppression of which we have been discussing for a while now. The paper that the Princeton and Lehigh University researchers are releasing, as permitted by the Court, is "the same as the Court's redacted version, but with a few introductory paragraphs about the court case, Gusciora v. Corzine." What's new is the release of a 90-minute evidentiary video — the researchers have asked the court for permission to release a shorter version that hits the high points, as the high-res video is about 1 GB in size. See TechDirt's article for the report's executive summary listing eight ways the AVC Advantage 9.00 voting machine can be subverted.

Don't look

Don't read the report about voting machines. It contains spoilers about who wins next month.

Re:Don't look

[BorgAssimilator]

It's ok, the spoilers were already announced:

http://www.theonion.com/content/video/diebold_accidentally_leaks

Re:Don't look

[cayenne8]

"Don't read the report about voting machines. It contains spoilers about who wins next month."

Hell, why bother with rigging the voting machines...it seems this year a simpler method has been found, with Acorn registering everyone they can, dead, undead, fictional or alive.

The old, tried and true way of "Vote Early, and Vote Often" seems to be the method du jour this year.

:)

Re:Don't look

Registration is not voting. Nice try, fail.

Re:Don't look

[cayenne8]

"Registration is not voting. Nice try, fail."

False registration is the first step in voter fraud, is it not?

And flamebait on the original post? What...Is rigging the machines not just as bad as encouraging and aiding voter fraud by fraudulently registering voters multiple times, fake voters, etc?

I mean...c'mon...if it is bad for one side, it is bad for the other side too.

Re:Don't look

[GrumblyStuff]

Registering is not voting.

Re:Don't look

[laird]

"why bother with rigging the voting machines...it seems this year a simpler method has been found, with Acorn registering everyone they can, dead, undead, fictional or alive"

This is, as the poster must be surely be aware by now, not what happened. What actually happened is that a few ACORN employees got lazy and filled out fake voter registrations using the. names of athletes, characters from fiction, etc.). ACORN found out, fired the people responsible, and identified the bad registrations to the authorities when they turned them in. They were required to turn them in by law, as it is illegal to not hand in any voter registration forms due to the obvious potential for abuse if the registration organization is allowed to be selective about which registrations to submit.

Because ACORN identified the suspicious registrations, and because the government agencies that process the registrations validates them, there were likely few or no fake voters actually registered to vote.

And, of course, Micky Mouse, etc., is not going to show up to vote.

So the fraud was not the creation of fake votes, but of ACORN (and to a degree the voter registration agencies) getting their time and money wasted by a few former ACORN employees. Given that ACORN hired 13,000 people and generated 1.3m legitimate registrations, the number of bad registrations reported so far is surprisingly small (a few thousand is claimed).

For actual voter fraud, you'll have to look elsewhere. Like, say, electronic voting machines, caging, etc.

Re:Don't look

[laird]

"is rigging the machines not just as bad as encouraging and aiding voter fraud by fraudulently registering voters multiple times, fake voters, etc?"

Rigging machines is much worse. Rigging machines can affect every vote cast in the machines.

Registering fake voters results in no fake votes, because fake voters don't show up to vote. It is legal for people to register multiple times, so long as they only vote once.

So you're right that "if it is bad for one side, it is bad for the other side too". But in simply saying that doesn't magically make the behavior of the two parties identical.

Historically the Republicans have been the minority party that applies superior tactics and funding to win national elections. When you're the majority party you don't need to cheat - you need to have the rules enforced. When you're the minority party, you do all you can to get every vote.

For example, changing people's voter registrations between parties without their knowledge (http://conspireality.tv/2008/10/20/finally-an-actual-arrest-in-vote-fraud-case-and-its-a-republican/), however, turns out to be illegal.

Re:Don't look

[KovaaK]

encouraging and aiding voter fraud by fraudulently registering voters multiple times, fake voters, etc?

And if you actually look into it beyond fox news and the "sources" that they quote, you may find out that it is legally required by a voter registration group such as ACORN to submit every single registration form that they receive, regardless of if they think it is valid. They are allowed to mark ones that they believe to be invalid, so that they will be further inspected by actual officials, but to my knowledge, no one has questioned the accuracy of their markings. The issues with false registrations are mostly being found as cases of the person collecting registrations attempting to hit quotas to prove that he/she is actually working. Molehill, not a mountain.

False registration is the first step in voter fraud, is it not?

It could be the first step, but it isn't necessary for voter fraud (as some other replies around this thread suggest, there are plenty of ways to mess with democracy).

As for this particular method, are you suggesting that people going to show up with fake ID's to match the false registrations that they submitted? Seems a bit more involved than designing the machines to falsely provide results.

Outside of that, I have recently realized an issue of concern regarding our electoral process... some people have realized that many minorities who are legal citizens of the country and should be allowed to vote aren't being allowed to vote because they lack ID that is accepted at the time of voting. The problem is that while the Democrats are fighting to get these ID laws removed, they aren't really acknowledging that false registrations in conjunction with no ID required would completely undermine our voting system. We still need to find a way for all citizens to vote though (preferably not a solution involving ID's with RFID chips, GPS tracking or whatever else is remotely possible).

Re:Don't look

[cayenne8]

"As for this particular method, are you suggesting that people going to show up with fake ID's to match the false registrations that they submitted? Seems a bit more involved than designing the machines to falsely provide results."

Actually....not that many states require ID to vote.

I think they should, we only want US citizens voting. I see no problem in the states that do require it when they will give, free of charge, ID to citizens to allow them to vote.

But the problem with many states with false registration, is that there is no standard way to verify who the person is....so, you can have people voting multiple times under multiple names in multiple sites.

Re:Don't look

Registering fake voters results in no fake votes, because fake voters don't show up to vote. It is legal for people to register multiple times, so long as they only vote once.

Apparently you have never heard of a little item called an "Absentee Ballot".

No, you don't have to show up to vote. It is in some cases legal to register in multiple states provided you have actually moved residency and cast only one vote.

The fraud referred to is people who register their cat, parrot, fish, dead parents, etc. and then send in absentee ballots for them.

Re:Don't look

[inviolet]

Registering fake voters results in no fake votes, because fake voters don't show up to vote. It is legal for people to register multiple times, so long as they only vote once.

An AC has already reminded you that fake registrations do result in fake votes, via absentee ballots. This is important, so I am restating it as non-AC so that other folks can hear it.

Why in the world did you think ACORN et. al. would go to all the trouble of setting up multiple registrations if such did not result in additional votes?

Re:Don't look

[The+Spoonman]

Silly you, trying to refute propaganda with facts. If that worked, there wouldn't be any Republicans left anywhere. :)

Re:Don't look

[eikonos]

False registrations are bad, but they're only the first step. Mikey Mouse may be registered to vote, but he's not actually going to vote.

On the other hand, a rigged machine is the last step in voter fraud; it will results in fraudulent votes, probably on a massive scale (since switching many votes is as easy as switching one for a machine).

Re:Don't look

[PTBarnum]

Why in the world did you think ACORN et. al. would go to all the trouble of setting up multiple registrations if such did not result in additional votes?

ACORN agents send in fake registrations so they get paid more by ACORN. What could be simpler than that?

I rolled a 2

My reading comprehension must have failed a saving throw. I can't understand the summery.

Re:I rolled a 2

summery.

Re:I rolled a 2

[onkelonkel]

It's nice here in the summery. In the wintery it rains all the time.

Re:I rolled a 2

[theaveng]

Or as Chaucer stated so eloquently: "Whan that Aprill, with his showers soote, the drought of March hath perced to the roote. And bathed every vein in sweet licour of which vertu engendered is the flour. Whan Zephirus eek with his sweete breath, inspired hath in every holt and heeth. The tender croppes, and the younge sonne hath in the Ram his halfe cours run, and smalle fowles maken melody."

Re:I rolled a 2

I wolde I had thy coillons in myn hond...

No problem, just put a disclaimer on the machines

[l0ungeb0y]

"We provide this voting booth for entertainment purposes only. Use of this machine does not constitute the actual act of voting for a bill or candidate. The State of [INSERT_STATE_NAME_HERE] and the United States Federal Government are not liable for any damages that may arise through the use of this entertainment apparatus."

That ought to do it.

"E-Voting Machine Security" like "Microsoft Works"

[corsec67]

An oxymoron.

The only thing a e-voting machine should be used for is printing a paper ballot.

Count the paper ballots.

Anything else means you have to trust the voting machine, or the people who verified the voting machine.
(You have to make sure that there are no hidden things in any of the chips, the software, any memory card that comes into contact with the machine, the network that the machine is connected to, etc. Seriously, who can possibly think that a E-voting machine with a Sprint data card in it is secure?)

if electronic voting

[circletimessquare]

could be made 100% secure, foolproof, etc., it should still not be used

simply because of the PERCEPTION of what happens to your vote in electronic voting

it is a black box. your votes go in, sausage comes out. meanwhile, a piece of paper has no secrets. it stays in a box, it can retallied. it can be messed with and falsified and burned, sure. but not with such ease and not in so many quick secret and immensely powerful ways electrons or magnetic marks on a disk can be messed with

all nations should use paper ballots, doesn't matter how rich they are. joe schmoe needs to touch and feel and smell his vote. voting machines and electronic voting represents a black box system, and therefore represents too much fundamental distrust. distrust undermines the legitimacy of democratically elected governments in the eyes of the people

it is not good enough that joe schmoe vote in absolute security and privacy and integrity. joe schmoe must also BELIEVE that. but in an irreducibly black box system, distrust is inescapable

electronic voting is the greates threat to democracy, ever. no ideological system or intolerant set of beliefs can undermine faith in democracy more than a method of tallying votes that the technofetishist loves, but the general populace views with suspicion

you don't need to say "gee whiz" when you vote

we need to end electronic voting, in the name of strengthening democracy

Re:if electronic voting

[db32]

joe schmoe needs to touch and feel and smell his vote.

This certainly explains a lot. Apparently this is how we keep winding up with Republicans in office. If I had to sit and count poo streaks on a paper ballot all day I would demand E-voting too. There is clearly some confusion about what the booth is there for and what to do with the paper provided.

Re:if electronic voting

[corsec67]

I think you have the perception most people have of computers wrong.

Most people think computers are incapable of being incorrect. Microsoft is trying hard to change that, but they are getting less effective.

If the computer is wrong, it must have been something that the user did incorrect. "I shouldn't have clicked on that link to that page", instead of "The browser is broken, it shouldn't have been vulnerable to the stuff on that page"

I agree that paper ballots should be used, but most people think that if a computer is involved it will not be incorrect.

Re:if electronic voting

[FrameRotBlues]

For the majority of people, damn near everything in their lives is a "black box." Very few people understand how simple devices actually work. To most people:

• The automobile is a black box: put gas in, motion comes out.

• The computer is a black box: put electricity in, naked women come out.

• Television is a black box: put electricity in, naked women come out.

People have put their trust in black boxes for a long time. I'm neither for nor against electronic voting, but I do think there ought to be a paper trail and open source software running it, so it can be verified by a hastily-assembled group of people who don't want to be there.

Besides, any system is fallible: humans take part in it. Even if we kept with paper ballots, who's to say the officials in a district couldn't be paid off to swap the real ballot box with a fake one filled with a known number of ballots for Candidate X? And if the crime was admitted to, and the voters in that district were asked to vote again, would they all re-vote the exact same as they had before? Highly doubtful: they're human.

Re:if electronic voting

"

I think you have the perception most people have of computers wrong.

Most people think computers are incapable of being incorrect. Microsoft is trying hard to change that, but they are getting less effective.

If the computer is wrong, it must have been something that the user did incorrect. "I shouldn't have clicked on that link to that page", instead of "The browser is broken, it shouldn't have been vulnerable to the stuff on that page"

I agree that paper ballots should be used, but most people think that if a computer is involved it will not be incorrect."

well, considering that firefox with noscript can go to the same webpage, and rather than load a hokey flash game, while it corrupts your hard drive and makes it a 'zombie', it loads a slew of errors about how it's trying to clickjack you into installing some broken silverlight script to permanently install malware on your system...

it's not my fault that flash and internet explorer are horribly broken, and that everything microsoft tries to do to make it 'better' actually makes it worse, and meanwhile 100 mafia guys are making 6 digit incomes off spam and related crimes.. but hey at least i know it's not that computers are fundamentally broken, it's just the software of choice of so many that are flawed from the get go. there was a time when firefox didn't need noscript. there was a time when ie didn't need to be trashed and replaced with firefox with noscript.

but technology is maturing and just as surely as pirates learned how to use guns and cannons the modern criminal has learned how to use the PC. even career politicians have learned how to rig voting machines. it's the world 2.0. dreams of computers creating direct democracies can be flushed down the toilet where such pipe dreams come from, we're living in a world where criminals can steal 6 billion dollars a year, and delete every record that can trace the money back to them. or at the very least live in a country that has no extradition.

Re:if electronic voting

WooHoo Garbage in Gospel Out!

and in a fit of coincidence the captcha for this one is axiom!

Re:if electronic voting

[AK+Marc]

People in the US don't care. Brasil has a working electronic system that is trusted, so your premise is wrong. Less than 1% in the US care, and they are the ones making a stink, the other 99% believe whomever tells them the system works (whether paper, which has seen its share of fraud, or electronic).

Electronic voting gives freedom to those with disabilities. Electronic voting gives instant results. Electronic voting allows for things like Internet voting. Electronic voting could eliminate all the wasted paper and time for the old system. Even at its worst, trusted electronic voting would be nothing more than a GUI attached to a printer to eliminate hanging chads, mismarked ballots, and voter confusion over choices and ballot placement which are rampant with a paper system. There are a lot of good things about electronic voting, and claiming there are no redeeming features indicates that you are a nutjob that doesn't care about the reality, but has latched onto an idea and will preach about it from any soapbox you can get your hands on.

Re:if electronic voting

[MyMistake]

I'm a "technofetishist" and so are many of my friends. We all think voting should be paper. It's a hell of a lot easier to fix the hanging chad bug than to build, debug, and secure a system like that.
I've heard people cite the ATM network when they talk about big, distributed hardware/software systems that anybody can access, and it works pretty well. It's a false-equivalence though. You get a paper statement at the end of every month (or online, immediately) which provides the paper trail. If my account gets hacked, I don't get the wrong president. And you have Visa, Wells Fargo, Bank of America, Chase, etc... all with a vested interest in it working properly. Compare that to the Democratic and Republican parties eternal war and they look like best friends forever.
eVoting? No thanks.

Re:if electronic voting

[jonaskoelker]

Most people think computers are incapable of being incorrect.

I strongly disagree, and I'll explain why.

Microsoft is trying hard to change that, but they are getting less effective.

Heh :) A large portion of people remember the days of windows 95 and apps crashing all over the place, and the infamous blue screen of death. Even in XP you run into the neat dialog box "[App crashed! Send us your private information yes-no?]".

If the computer is wrong, it must have been something that the user did incorrect.

True some of the time. If the user can connect in their mind something they did with an undesired outcome, the outcome will act as a punishment [don't you love B.F. Skinner?] and they will learn to not do those things. Your example is probably a good one.

If they can't identify their own action as causally related to the undesired outcome (the poorly coded application segfaults during a full moon when precisely three files are opened at the same time), they won't learn what not to do.

If they can't causally link their own behavior with bad outcomes, they don't have any way of blaming themselves: in their mind they didn't do anything wrong.

When they can causally link their action to the computer's response, they might say "fool myself once, I can't fool me again". Or they might blame the computer for "deciding" to do the undesired thing, asking "why can't the computer just work / drop all spam / remove the virus part from the screensaver part / connect to the wifi access point inside the faraday cage? It can't be that hard!".

So in general, there's no default target of the blame. It's influenced by whether the user has a sense of control and their model of how computers work, specifically what kind and amount of freedom and agency the attribute to it.

That being said, I think most people are too trusting of what the computer says to them when they perceive the computer to work correctly (the phrase "lp0: on fire" springs to mind). So if the voting machine says "Your vote for Jefferson has been counted", most people would trust that if there are no dialog boxes saying "FAIL!" with lots of red pixels in them.

Re:if electronic voting

[Falconhell]

Surpisingly I agree with you on this one.

Heres how we do it in OZ.

All paper ballots. Voters must be on the electoral roll 2 weeks before the election, at a minimum.

At all times opening and closing of ballot boxes is done in the presence of representatives of the political parties and the electoral commision.

When you go to the polling station, you are asked your name and ID, which is then marked as voted on the electoral roll.

Votes are then counted under the eyes of party scrutinneers from all parties that wish to have them present.

Easy quick and very hard to game.

It is a complete mystery to me that anyone would think that well organized paper ballots are not by far superior to electronic voting.

Re:"E-Voting Machine Security" like "Microsoft Wor

[penguinbrat]

You have a very good point here - why are these things even doing all the "tallying" on there own? Wasn't the overall MAIN issue was the validity of "hanging chads" and the like - why in the hell can't we have a simple machine with all the same bells and whistles that simply punches the damn things for us?!?!

On a side note - how hard can this stuff be? It's not like they aren't making a fortune from these things - it's seeming like they are barely able to break even so they have to hire "below the barrel" talent...

Where are these machines used?

[Cacadril]

Could people tell us if they are being used in their precints?

Re:Where are these machines used?

[SpaceLifeForm]

Link

Check the map.

Re:Where are these machines used?

[Ron_Fitzgerald]

They must have been in use in Florida around the 2000 election :)

Re:Where are these machines used?

[HTH+NE1]

Link
Check the map.

Whose scripts do I need to enable to see the map?

Actual report:

http://coblitz.codeen.org/citp.princeton.edu/voting/advantage/advantage-insecurities-redacted.pdf

Re:"E-Voting Machine Security" like "Microsoft Wor

[entgod]

They could, in addition to printing the paper ballots, count the votes. That way it would be possible for people to see the votes being cast in almost real-time. I would like it. Of course, the official count would be done by hand.

Elections of 2010

[TubeSteak]

My first thought was "what's the point of publishing this now?"

Everyone (yes, even the clueless people in charge) knows that electronic voting machines are SNAFU, they just didn't have the time/money to do anything about it this election cycle.

2010 should be much different.
Hopefully they'll take the next 2 years to do some criminal investigations into all the substituting and patching of firmwares while they're at it.

Re:Elections of 2010

[mr_josh]

The thing is, I don't think that everyone DOES know. I sincerely HOPE that they don't know, because no one is COMPLETELY OUTRAGED about it, and seriously, I think this should be a "people in the streets with torches and pitchforks" kind of issue. There simply seems to be zero public interest in this (and by "public" I of course mean the non-Slash-reading public) and it boggles the mind that some public figure hasn't jumped on this and made it a platform.

Re:Elections of 2010

I think this should be a "people in the streets with torches and pitchforks" kind of issue.

So you are posting with your Blackberry in one hand, pitchfork in the other, and the torch in your teeth I guess? If not, why do you expect others to?

Re:Elections of 2010

[StreetStealth]

Everyone (yes, even the clueless people in charge) knows that electronic voting machines are SNAFU, they just didn't have the time/money to do anything about it this election cycle.

2010 should be much different.

Isn't that what we were saying in 2004 about how 2008 should be much different?

Don't worry

[iminplaya]

Be happy

Re:So what?

[entgod]

That's quite a lot of fud with not much to back it up with. True, IMNAA (I am not an american) but I'm inclined to think that those who are can have some influence on the next president of the USA or whatever they are voting over.

True, the significance of one vote is not much when there are many voters but it's pretty obvious how the ammount of power one vote wields goes up when the amount of voters goes down.

Hardware Work Around

[Gat0r30y]

Is very simple, and in fact I used it Today! - The Paper Ballot. I marked my choices, and turned it in. Voters in NJ should demand paper ballots, issue solved (sort of).

Re:Hardware Work Around

[NJRoadfan]

They can. Anyone can vote via a paper absentee ballot without an excuse in the state. Heck, there are even commercials from the county clerk encouraging you to do it.

During the whole Diebold mess I had this strange feeling my local shiny new e-voting machines were flawed. I miss the old mechanical voting machines with the big red handle that open and closed the curtain. At least I knew the votes were being counted somewhat correctly.

Re:Hardware Work Around

[ryanov]

I miss those too. Though I never got to use one, I went into the booth with my parents while they voted. How were the votes stored on those things?

Is Robin Williams gonna be the president again?

[akentanaka]

I think I've seen that in the film already..

Individuals' options?

[PaleCommander]

Public outcry, inquiry, and (in some cases) mockery are well and good, and hopefully lead to policy change. However, when it comes time to vote, what's an individual voter to do when faced by an electronic voting machine at the polls? Boycotting doesn't seem like the right course of action here.

Re:Individuals' options?

[ryanov]

I've seen "vote absentee" floated as the answer, though I'm not sure that works everywhere. I'm also not sure I consider that more reliable (what if it never gets there? how can I prove it?).

LOL

[circletimessquare]

actually, i was referring to a scratch and sniff voting system

"hmmm... obama"

scrathscrathscratch

"yay! smells like jesus and cupcakes! ok, now... mccain"

scrathscrathscratch

"uggh. smells like depends and denture cream"

Re:LOL

[db32]

I can't bring myself to make a scented Palin joke.

Every time I get upset about the tremendous disaster that our modern voting is with the rampant election fraud I remind myself... I am getting upset over the fairness of a system that will only let me choose between two criminals for who should be the leader. It seems to me that getting up in arms about the whole voting trainwreck is pretty stupid considering what we are demanding our votes get counted for. When I am faced with a choice more complex than liar/asshole vs asshole/liar I will be more concerned about how my vote gets counted. As it stands now I can rest assured that no matter what I do my vote would go towards putting a liar and an asshole in office.

I mean really now...its like being lost in the woods and choosing if you want to wipe the shit off your ass with your left hand or your right hand. Which hand you choose is pretty tangent to the fact that you are lost in the damned woods. Seems to me we should be a little more concerned about getting out of the woods than to be upset about which hand got shit on it.

Re:LOL

[db32]

Oh yeah...and what does Jesus smell like?
I am torn between sort of a dusty smell or a 2000 year old zombie smell. I guess it depends on your take on the story. Even best case scenario of coming back non rotted they didn't exactly bathe much back then and washing feet was a big damned deal. No matter what, I can't imagine Jesus is a good smell. (love or hate the fan club, regardless of the divine/not divine, the J man was a cool guy...and thankfully he was a Jew so probably has a good sense of humor so I don't have to sweat it much if he was divine)

Re:LOL

Blood, sweat, and tears for humanity (especially if he's watching what the world has become today)?

Re:LOL

[TheLink]

"... I am getting upset over the fairness of a system that will only let me choose between two criminals for who should be the leader."

Aren't there more than two candidates? Can't you vote for the others instead?

Apparently in the past election 60+ million voted for X and 59+ million voted for Y.

But 80+ million didn't bother to even show up.

Think X and Y might notice if the 80+ million voted for Z?

I bet X and Y might also notice even if the 80+ million walked up to the voting booths and voted "none of the above" and thus "spoilt" their vote.

At least the foreign media would be reminding them of it e.g. "Mr President, how can you say you have support of the people?".

Re:LOL

[db32]

You seem to be under the rather misguided impression that Z isn't a criminal too. You seem to hold the strange notion that the people in public office actually want to serve the public. You seem to be confused about "serve the public". It doesn't mean they serve the public like a servant would a master, it means they serve the public like a servant would a dinner to a master. We most certainly aren't the masters, we are the dinner. Good luck finding a candidate to run a campaign that won't become a servant to other masters in the process.

Re:LOL

which hand got shit on it.

Leaves buddy. Leaves.

ES&S has the same crap, as shown by UCSB

[enos]

California ordered a review of all the machines used in the state last year. They would give access to university security labs to one manufacturer's machines at a secure location. I mean the machines were held in cages over night and there was controlled access for only the researchers, etc.
They were asked to evaluate the machines.

UC Santa Barbara did ES&S, and their analysis is here.
They also have a short video on the subject, here it is on youtube

In short, all the machines were utter crap. The "seals" can by bypassed by bending some plastic. The locks can be bypassed with a screwdriver. Plus the software is susceptible to viruses, and they managed to make the machine vote for whoever they wanted. Even though all the machines have the VVPT (voter-verified paper trail).

Re:ES&S has the same crap, as shown by UCSB

[ComputerSlicer23]

I've done work for ES&S at a couple of different points, and can point out several things. First, the reports are mostly accurate (there are a few points which I'd disagree with, but there are a number of legitimate concerns in there). Second, no system is secure without physical security, and a number of the attacks ultimately come down to the state needing to ensure that these machines are treated as such. States are very lax about this, and that is a serious problem (personally I think precinct counters should be there to validate the ballot for the voter and give feedback/warnings or errors, and all tabulation should be done via high speed central scanners. The tabulation of the precinct counters might be kept as checks against voter fraud during ballot transport). Physical security is the single most important aspect of any voting system, with enough physical access any security system can be beaten (see every DRM or anti-cheat system for gaming). Unless it's fairly far into the videos, the video stuff is actually about the Sequoia not about ES&S systems. The PDF report linked to does include several chapters about the ES&S systems (all of part II).

Most of those that are dealing with the M100 and the M650 should be dealt with with the next generation of hardware/software for the newer paper scanner products (don't want to comment on the others as I didn't work on or with any of those). Not sure what ES&S's view is, but my personal view is that all DRE machines should be shipped to the nearest blackhole for permanent storage.

There is also some help in addressing some of the concerns about the review of proprietary software. Other then the Java compiler and the cryptography pieces (which are required to have FIPS complaince that most OSS products lack due to expense), all of the software is Open Source and is compiled during the system builds. I believe only one or two libraries aren't compiled from scratch on the machine (the commercial crypto tools, and the Sun JDK). I wouldn't be shocked to find out that OpenJDK is compiled on some future release. Every tool and/or line of source used to build the system has an MD5SUM, and a SHA1SUM along with the external site the software was retrieved from. Other then the crypto and the Java tools, all of the tools are built from source (a LiveCD distro with a minimal dev environment to build GCC, glibc, make, perl and a couple of other tools are bootstrapped into a chroot). It is fairly straight forward to use walk into a secure room and a blank PC with no software on it and end up with 99% of the software that ends up on the M100 replacement product. Two embedded compilers require windows that are built separately.

Another issue is that resolving issues quickly on election day is internally an important quality to the company. There are some security aspects that would be a disaster if the slightest thing goes wrong. With a deployment that large, by a mostly volunteer group, there are always significant mistakes and "proper" security would get in the way. The inability to do field firmware upgrades, because somebody in the state failed to upgrade the hardware before it shipped would be a disaster. It happens in every election despite all the procedures and guidelines. So part of the "only one key" thing falls into this category.

Finally, the most serious problem with all of the software is that no programmer in their right mind can deal with the various rules and obligations for VVSG compliance. I'd spend a day writing, unit testing, and writing "normal" documentation. Followed by at least a day or two of writing all of the required documentation, none of this included the stuff we had tools to auto-generate. I had to write the code first and document afterwards because it was hard to be concise and see all of the related code at a time when it was fully documented.

They require the generation of inane and superfluous documentation, and are bureaucratic and dogmatic about enforcing the rule co

Re:ES&S has the same crap, as shown by UCSB

[enos]

You're right, the ES&S system was for a different study. The one presented is Sequoia. That's what I get for posting tired ;)

Thank you for the post, it's great to hear about how the companies are run. Don't take the rest personally, it's a reply to you but addressed to your (former) bosses:

Though most of the difficulties you talk about are things faced by any large project. File management and documentation? Please. All projects have to handle this. Apparently the Sequoia system is also a hodgepodge of many languages, I think they said around 10. That's a lot and makes debugging and audits more difficult while introducing more potential holes. I don't know if the ES&S system is that bad, too.

Hell no the firmware shouldn't be upgradeable in the field. That's another way for undetected tampering to get in. If you're fixing things up right until the last minute, the damn thing isn't ready for prime time. Use the paper ballots for that election. The firmware should only be upgradeable under public supervision.

And what good are the checksums if they're not checked? I don't see why the firmware can't do a checksum of the entire system before each voter comes in. Heck, use a TPM chip, they've been common on consumer machines for the last 2 years. That will give you a chain of trust and help you detect tampering. Anything on the machine should be signed by both the manufacturer and the state.
But heck, with hard-coded keys and 16-bit hash functions, it's clear that the security is not only on the back burner, it's implemented by idiots. And I mean that term. Idiots.

As for the screwey state by state laws, yeah, so what. All of that is in the user interface, and can be abstracted pretty easily. Sure it will take time to implement each thing, but not that long. It should have NO effect on security. Heck, get some people who write tax software to do it. The tax code is complicated as hell and they're managing to slog through it.

Sure, it's not just voteCount++, but it's not that difficult that the utter shit that these companies put out is the best that can be done. Hire some competent people for pete's sake. And listen to them!

Stalin said it best: "It's not who votes that counts, but who counts the votes."

Re:ES&S has the same crap, as shown by UCSB

They really need to test the vulnerability of these machine in a reasonable environment and circumstances. I mean for all I know, all these machines are vulnerable to sledge hammer attacks, but then again, how many LCD panels or computer monitors are invulnerable to such attacks. They try and exploit the machines in the same kind of conditions in which the machines would be used. In a monitored environment with limited time access, and under the risk of being detected. Anything else is just bullcrap, its like claiming vaults are effective because it can't stand a nuclear blast.

Re:ES&S has the same crap, as shown by UCSB

[enos]

Destroying the machine with a sledge hammer isn't going to change the election. The votes on the paper tape won't be lost.

Lots of people have access to these things before the election. In some places the precinct captains take them home. The average age of the volunteers at elections is 72. I find old people trust me when I tell them something technical needs to be done.
There were examples of viruses, where one infected machine will spread the virus to the others through the central tabulator.

These attacks aren't nuclear blasts. They're light punches. Basic security design would guard against them.

Simple paper ballots, overseen by observers

[bboxman]

Simple paper ballot. Allow observers from all interested (political) parties to monitor the voting station and the count.

Presto, solves verification of the internals of the not so obvious "voting machines". Voting machines aren't truly verificable.

Re:Simple paper ballots, overseen by observers

[AK+Marc]

Voting machines aren't truly verificable.

Why not? What if the "machine" was a huge wheel with a counter for each candidate. There is a back room that has every candidate represented, and they verify that for every person that enters (they can't see the person) that the wheel only moves one slot. The person voting picks who they want and watch the wheel increment by one, then leave. That's a "machine" that is truly verifiable, isn't it?

And what about a machine that casts the votes, but doesn't tally them? Print the votes, then scan them. If there is a question, then people can check the paper ballots. That't also instant and verifiable.

It seems to me that people too stupid to come up with answers to questions assert that the answers are impossible. Any person that suggests something that works (even if impractical, but I'm just posting a couple proof or concepts, not actually solving the problem) is shot down despite *proof* that the person is wrong.

There is nothing inherently wrong with machine voting. Machines have been used for voting in some manner or another for more than 50 years in the USA, and electronic systems are used reliably and quite trusted in Brasil. To assert that they can't ever be made to do something just means the person making the assertion is too stupid to solve the problem. But I agree, anyone that claims that machine voting can't be verified is certainly too stupid to figure out how to make it so. It takes someone that can actually think to solve problems, rather than just rant how they don't want the problem solved.

Re:Simple paper ballots, overseen by observers

[bboxman]

There are two sides to verification:
1) The machine records the votes as cast by the voters.
2) The machine doesn't allow reconstruction of the vote cast by any particular voter.

While #1 might be verifiable (though difficult, in a complex electronic system), #2 is extremely difficult to actually verify. For instance, with your "wheel" system, it is possible to reconstruct the first vote cast (and with voter collusion, the vote of any particular voter, by simply recording the position of the wheels prior to the vote of any particular voter).

Machines have been used in the US, and it stinks. Many countries have stuck to simple paper ballots -- and it works -- it's easier to verify such a system that relies on people appointed by the interested parties (and yes, there is cheating in such systems as well -- but cheating has to reach a huge amount of people to be effective (assuming each polling station with an observed ballot polls ~1,000 people)).

Re:Simple paper ballots, overseen by observers

[AK+Marc]

There are two sides to verification:
1) The machine records the votes as cast by the voters.
2) The machine doesn't allow reconstruction of the vote cast by any particular voter.

Point #2 is irrelevant to the discussion of vote verification by the caster to make sure it counts. And if it's done clandestinely, then it isn't an issue. You can't use a vote against someone without telling people about it. Getting so many people together (including cooperation by multiple people of differing parties) is technically possible. But then, so is placing an invisible camera in every booth and recording every vote now. It would be easier to record votes in means other than what you describe, and it isn't done now. So why, when we make it harder to do, would people start doing it?

Many countries have stuck to simple paper ballots -- and it works -- it's easier to verify such a system that relies on people appointed by the interested parties (and yes, there is cheating in such systems as well -- but cheating has to reach a huge amount of people to be effective (assuming each polling station with an observed ballot polls ~1,000 people)).

Why do you care about cheating? The non-cheating ballots have been discarded or ambiguous in such numbers as to be able to change every presidential election in my lifetime. The non-cheating errors exceed the margin of election most elections of any kind. And electronic voting where there is a voting kiosk that prints ballots and the kiosk itself is destroyed in an incinerator at the end of the election day would be more reliable, less #2 prone, and easier on all involved (other than cost). Not saying it's a recommendation, but since it's quite possible to come up with many many many ways of doing electronic voting better than the current paper/pen methods, anyone that dismisses electronic right out can't be evaluating it objectively.

Argue cost. Argue about what particular implementations might have for flaws. But to claim that people will be buying votes because they are trackable with electronic systems is absurd. I could track the vote of any single voter I wanted to now. And much more easily than doing it through an electronic voting system. To claim it will increase fraud is absurd. How is one-man one-vote with paper/pen different from the same with a voting kiosk that prints out votes? Stuffing has happened with all voting systems, paper, mechanical non-electronic, mechanical electronic, and non-mechanical electronic. To claim one is more prone than another for one type doesn't mean it applies to all other types, or even others within that same type.

I'm not saying one is better than the other. I'm stating that a machine printed, human readable ballot will reduce errors compared to paper and pen. I'm stating that those who claim "electronic voting" (and throw in everything that isn't paper and pen into that) is worse than paper/pen voting can't know that to be true.

For #1 to be true, one must be able to verify their vote *after* it has been counted. For that to be true, #2 can't ever be true. The more you make #1 a priority, the more you break #2. I submit that it's more important that your vote be cast, than your vote be anonymous. Everyone else seems be OK with a system that gives a reasonable chance of your vote counting, as long as they think it unlikely someone could figure out how they voted. I believe every vote should count and count in the way the voter intended. If that means that there are a few improbable and quite difficult means in which someone might be able to reconstruct my vote, I'll take that for 100% verified votes.

Re:"E-Voting Machine Security" like "Microsoft Wor

[corsec67]

On a side note - how hard can this stuff be? It's not like they aren't making a fortune from these things - it's seeming like they are barely able to break even so they have to hire "below the barrel" talent...

Making a machine that counts or tallies votes shouldn't be very hard, and should be a first year programming assignment.

Making that whole system *secure*, otoh, is almost impossible, especially when it is something as large and distributed as a national voting system. If a company could actually make a completely secure voting system, they could also have a good DRM system. (Yeah, I did say "good DRM system", which shows how possible I think that is)

From Ken Thompson's essay Reflections on Trusting Trust, he says it isn't enough to check the source code, you also have to check the compiler, the output from that compiler, and I would add, in the context of a voting system, everything that is or could be in the system/network.

Re:No problem, just put a disclaimer on the machin

Re: your sig
I got

Result: 1337 Errors

 
Nice.

Re:"E-Voting Machine Security" like "Microsoft Wor

[SlashDev]

It's just as reliable as the computers, network, memory and hard drives you used to keep your bank records and run the stock market. I don't see anyone complain about those....

Re:"E-Voting Machine Security" like "Microsoft Wor

Count the paper ballots.

And you would trust the counters? This is a perfect opportunity for a triple vote styled tally. Let independent verification of the source code for the voting machines occur, with an associated md5sum. Then, use video cameras to ensure that the md5sum of the executable which is loaded onto the voting machine matches what has been inspected. Record video during the 12-16 hours between the installation of the machine executable and the close of the polls (at which point, the machine is made to submit its official tally).

Then, take the machines count and use it for the "instant gratification" tally that gets reported on the news. Next, get a group of democrats to independently verify the count (if they choose to) and a group of republican to independently verify the count (if they choose to). If two out of the three votes match-up... you are golden. If only one extra group "wants to" do their own verification AND it disagrees with the machines vote to the point where a different result is obtained, then give the opposite party a chance to do their own verification.

If the machine agrees with the democrats, then you have reason to suspect the republicans of unfair play. If the democrat vote agrees with the republican vote, you have reason to suspect the machine of unfair play. If none of the tally's agree, review the 16 hours of video tape and search for evidence of unfair play. If no evidence is found AND assuming the machine votes match the number of people who use the machines throughout the day, do two or three recounts until either the republican group or democratic group gets a value that matches with the machine vote (or the other groups vote). If no agreement is found after the recounts, go with the machines tally.

In any case... ANY VOTING MACHINE WHICH IS RUNNING ON UNVERIFIED PROPRIETARY SOFTWARE SHOULD BE SUSPECT OF UNFAIR PLAY.

Re:"E-Voting Machine Security" like "Microsoft Wor

E-voting done well is far superior to paper voting done well. The costs are far less, it's more convenient, and more environmentally friendly. E-voting systems are still in their infancy, and guess what, the first computers were pretty worthless too, but imagine life without them now.

Re:"E-Voting Machine Security" like "Microsoft Wor

[log1385]

Is it all that hard to create a secure voting system? People send their credit card numbers over the internet all the time. Insurance companies and hospitals use computers to store some very sensitive information. Why can't voting machines be as secure as these?

Re:"E-Voting Machine Security" like "Microsoft Wor

[corsec67]

Because those are different cases.

The user isn't going to hack his own computer to get his credit card number. Hope that persons computer doesn't have a virus or key logger.

That insurance company or hospital hopefully will have physical security protecting their machines. That doesn't always work, surely you have seen the articles about x million peoples data lost from (company of the week).

Securing E-voting is really like DRM: you want to distribute a device to potential hackers, and keep it secure from those hackers.

If I didn't know any better

[WillAffleckUW]

You know, if I didn't know any better, I'd say that this was the same company as Diebold.

Oh, wait, it is ...

Re:If I didn't know any better

[Geoffrey.landis]

You know, if I didn't know any better, I'd say that this was the same company as Diebold.

Oh, wait, it is ...

No, it's not; it's the other one. (Diebold is the same as "Premier Election Solutions".)

cf info at eff.org

(blackboxvoting.com isn't a bad source of info, either).

Re:"E-Voting Machine Security" like "Microsoft Wor

[corsec67]

Because the people with *physical* access aren't (usually) the people trying to hack the systems.

Re:No problem, just put a disclaimer on the machin

Then it can be known as E-Meter-ing E-Voting!

Re:"E-Voting Machine Security" like "Microsoft Wor

[vtcodger]

***E-voting done well is far superior to paper voting done well. The costs are far less, it's more convenient, and more environmentally friendly*** Sounds like utter and complete hogwash to me. E-voting is a complicated solution to an simple problem. The US uses all sorts of moderately complex and expensive mechanical voting aids that invariably lead to complaints of fraud, malfeasance, or failure to register votes (because they are busted). Canada uses paper ballots and counts them in a few hours. The paper ballot system is not broken. We should quit trying to fix it until we get a LOT smarter.

Optically-read Paper Ballots

[tonytnnt]

My state uses optically read paper ballots. I think it's the best of both. It can be machine read, but the paper ballot is still there to double check or recount. Is it really that hard to fill in a bubble with a #2 pencil?

Re:Optically-read Paper Ballots

[NJRoadfan]

Reminds me of every time I took a Scantron test in school. Every class we always used to double-check the graded tests for errors because the teacher didn't trust the machine. Even with today's machines, there are grading errors from time to time.

Hell at this point..

[k1e0x]

Ya know, I don't think I've ever voted for anyone that has won in my life. I'm so agaisnt everything that is going on.. Bush, Obama, McCain.. whatever.. none of these idiots believe in my liberty.

Why not just let politicians vote for us.. its cheaper and as far as I can tell it produces the same results. Why bother keeping up the charade that the people control this country?

Re:Hell at this point..

[Urza9814]

Uh, politicians _do_ vote for us. This isn't a democracy, it's a republic. Sure, most states require them to vote the same way we do, not always, and there have been cases where they haven't.

Re:"E-Voting Machine Security" like "Microsoft Wor

[HTH+NE1]

The only thing a e-voting machine should be used for is printing a paper ballot.

Count the paper ballots.

You also have to make sure it prints completed ballots when and only when a voter is present and voting, once per voter.

And only when the voter has made all his choices and warns the voter if he leaves without completing the ballot submission process.

no

[circletimessquare]

people can use computers, television, and the car, but they don't have to trust them. in fact, they don't. the tv has the biased media on it. the computer spies on them with cookies. the car is always breaking down. sure, they still use thes tools, but that's not a question of trust going on with these things in the same way it is going on with their voting system. you do not have the same relationship you have with your tools that oyu have with your social environment

a government is a purely human construct. its all about social structure and where you fit into it. its all about trusting or not trusting the other people around you. its a completely different dynamic. and a sliver of doubt about how the social hierarchy around you works can only grow if you are dealing with a black box voting system

what i'm saying is that your allegories are unsound

Re:no

[Falconhell]

"people can use computers, television, and the car,'

But not apparently, capital letters.

Re:no

[NoisySplatter]

But not apparently, capital letters.

It appears that some people also have trouble with sentence structure.

Re:no

people can use computers, television, and the car, but they don't have to trust them. in fact, they don't. the tv has the biased media on it. the computer spies on them with cookies. the car is always breaking down. sure, they still use thes tools, but that's not a question of trust going on with these things in the same way it is going on with their voting system. you do not have the same relationship you have with your tools that oyu have with your social environment

I can honestly say that I put a great deal more trust in my car on a daily basis than I do in my government.

Re:"E-Voting Machine Security" like "Microsoft Wor

[cjb658]

Don't be so sure about that

Re:"E-Voting Machine Security" like "Microsoft Wor

[cjb658]

Absolutely. Would you trust your credit card number to SSL if you knew there were hundreds, maybe thousands of professional hackers trying to sniff it?

An obvious question...

[Dzimas]

Why doesn't the US revert to paper ballots? We just held a federal election in Canada, and things worked just fine with a good old fashioned pencil and a small paper ballot (well, actually more like thin card). It took us a matter of hours to successfully decide the fate of the country for the next X years without the need for millions of dollars worth of mysterious electronic machinery.

Re:An obvious question...

[Ian+Alexander]

Because people in America are dumb and assume that since paper is simple it's necessarily less secure than computers.

Re:An obvious question...

[penguinbrat]

My guess would be that we are either very comfortable with the way things are, or we are to stressed out with the day-2-day stresses of our chosen lifestyle to bother with any possible fiasco that could occur - while the powers that steer us are corrupt and only concerned with their money and taking more of ours.

Re:An obvious question...

[WamBam]

There has been problems with paper ballots. Look up hanging chads. The paper balloting system is not foolproof and ballots can be lost or damaged. For many states, electronic voting machines seemed like a good solution and certainly after the 2000 elections, I'm sure they wanted to make sure that future contests went smoothly. But they rushed into something that they did not fully investigate and understand. Certainly, one day we'll all be using e-voting machines... unless there's a zombpacalypse and my mix of witty one liners and shotguns skills makes me the unquestioned lord and master of the living.

Re:An obvious question...

[rrohbeck]

One argument I heard, and you won't believe this:
"Because then the recounts would take forever, and we might not have a valid result by January with all the court cases as a result."
I don't remember which corner that came from, but it sounds as if it would take weeks to count a couple 1,000 votes in any contested districts.

Re:An obvious question...

[TheLink]

Or because people in America are dumb and it is beyond the average volunteer to be able to count votes by hand accurately in a timely manner.

OK now... 1, 2, Uh what comes after 2? *asks bystanders* One thousand and fifty two? OK.

Re:An obvious question...

[DNS-and-BIND]

Uh, the PRI in Mexico succesfully rigged elections for 90 years, using nothing but paper ballots. Heck, the 1960 presidential election was rigged in Texas and Illinois, throwing the election to Kennedy instead of Nixon - using nothing but paper ballots.

Re:An obvious question...

[mevets]

I'm not American but I think in US elections they have a large number of things to vote for, from president to how often garbage gets picked up. Canadian elections are simple - one check mark on one sheet of paper; occasionally there is a mini-referendum, so two check marks on two pieces of paper.

Re:An obvious question...

[Ian+Alexander]

Well shit! You don't mean to say that if crooks run the election... crooks will be elected?!

The important factor is not the exact technology, it's how the votes are counted and by whom. That's all I was saying. Paper CAN be abused, but so can computers, and, by the looks of some of the videos I've seen floating around, computers can be easily and efficiently abused. Both can be hacked by a closed counting process which places absolute trust in one group of people to pronounce the winners of an election.

Re:An obvious question...

[Dzimas]

Yes, that is a valid point. However, Canadians have municipal elections with multiple paper ballots (each a different color). After we mark our X in the appropriate spot, we drop each into the appropriate box. There's no fuss with "hanging chads" or overly complicated layouts.

Re:An obvious question...

[mevets]

We have municipal elections?

Re:An obvious question...

Why doesn't the US revert to paper ballots?

Insufficient opportunities for profiteering.

We just held a federal election in Canada, and things worked just fine with a good old fashioned pencil and a small paper ballot (well, actually more like thin card). It took us a matter of hours to successfully decide the fate of the country for the next X years without the need for millions of dollars worth of mysterious electronic machinery.

The senator's brother works for the mysterious electronic machinery provider. Do you get it now?

One hand washes another, and they are all so dirty they need constant washing.

Re:"E-Voting Machine Security" like "Microsoft Wor

[Original+Replica]

Making that whole system *secure*, otoh, is almost impossible,

Making a human and machine readable, voter verified, printout is far from impossible in fact it's simple. Safely getting Paper ballots from the voting locations to a central polling place is simple. Counting the human and machine verifiable ballots with a high degree of accuracy is simple.
Now making a e-voting system that is obtuse and vague enough that elections can be skewed with a good sot at deniablity and a complete lack of papaer trail? That's difficult.
There have been dozen of high security, low cost/technology, handicapped accessible solutions proposed here on Slashdot. It is quiet obvious that a secure voting system isn't the actual priority, when these systems are purchased. It stands to logic that there is instead a different priority. I have to wonder what that priority would be, that doesn't qualify as treason.

Re:"E-Voting Machine Security" like "Microsoft Wor

[Amazing+Quantum+Man]

Absolutely. Would you trust your credit card number to SSL if you knew there were hundreds, maybe thousands of professional hackers trying to sniff it?

You mean there aren't?

Re:"E-Voting Machine Security" like "Microsoft Wor

[fuzzyfuzzyfungus]

There are three problems with that analogy: Centralization vs. distribution, steady load vs. bursty load, and willingness to pay.

Things like financial recordkeeping and stock trading are relatively steady, constant, loads that can be handled in a fairly small number of highly centralized locations, for which people are willing to pay a great deal of money.

Voting is a highly bursty and uneven load, spread across tens of thousands of sites and systems, for which people don't seem willing to spend all that much.

It is definitely true that voting machines can be made secure in theory(and we know that they could be made far more secure than the are: not only are the current models not good enough, they aren't even as good as current generation consoles); but the analogy between voting systems and financial systems is weak and misleading. More accurate might be an analogy between voting machines and point of sale systems. Unfortunately, those are plagued by card skimmers and similar, despite the fact that they have the advantage of it being possible to calculate the "correct" outcome. It is fairly easy to detect and rectify fraudulent transactions just by looking at financial records. You can't do the same with votes.

Paper ballots are ABSOLUTELY safe!

[mangu]

Count the paper ballots

Yeah, right! NO ONE can cheat in an election with paper ballots! The concept of a corrupt government did not exist before the invention of electronic voting.

*BULLSHIT*

Reading TFA: This is done by prying just one ROM chip from its socket and pushing a new one in, or by replacement of the Z80 processor chip. We have demonstrated that this ``hack'' takes just 7 minutes to perform.

Do you want to make a bet? Let's see how many paper ballots I can stuff in 7 minutes, given the same level of physical access one needs to change a chip in a computer. This means I can open a box, right? It doesn't matter if the box is electronic or not, it should have a padlock. If I can open the box, with no one noticing, it doesn't matter if the content is electronic or paper.

The intrinsic safety of electronic voting comes from the agility in counting. Counting a paper ballot box takes much longer than it takes to fill that box with a totally different set of votes. By the time you have counted, recounted, and counted again those paper votes, they could have been substituted a dozen times.
 

Re:Paper ballots are ABSOLUTELY safe!

[corsec67]

Lets change your bet a little bit. The 7 minutes are 2 days before the election. You get private time with the ballot box, I get private time with the voting machine.

What can you do to the ballot box that wouldn't be noticeable 2 days later and still affect the vote?

I was an election judge for Boulder County in 2004. Part of my duties as the head election judge for the precinct was to make sure that there was noting in the ballot box and seal it. From that time until I handed the box to the county officials, it was not left in the presence of any single person, so nobody would have 7 minutes during the election day.

You can't stuff the ballot box 2 days before the election with nobody being able to notice.

**THAT** is what they are complaining about. The machines were left in publicly accessible areas for days before the election. Replace one of the chips with that 7 minutes, and it would take a very detailed examination to notice the problem.

Re:Paper ballots are ABSOLUTELY safe!

[mangu]

I was an election judge for Boulder County in 2004

And I was an election judge for Itatiaia, in Brazil, in 1998. I had more or less the same duties as you had. It was an electronic box.

I inserted a flash card with the software, including the operating system, which was given to me by an officer of the electoral court minutes before the election started.

If you can corrupt a representative of the judge who is responsible for declaring if the vote is correct, does it matter if the box is electronic or paper?

From that time until I handed the box to the county officials

You are ready to swear for the honesty of those county officials, yet you don't trust the people who handled the electronic box before the election?

The machines were left in publicly accessible areas for days before the election.

That's *WRONG*, no matter if the ballots were paper or electronic. No part of an electoral process should be left unattended at any time at all.

To sum up, you have absolute trust in the paper voting system, because you have absolute trust in the way the paper ballot was handled *AFTER* the election, but you mistrust the electronic vote because you mistrust the way the electronic box is handled *BEFORE* the election.

For me, both systems can be corrupted, but the electronic system is better because, given the same level of precaution before and after the election, the electronic system gives faster results. To cheat, you need physical access to the system, so the quickest system is safer.

Re:Paper ballots are ABSOLUTELY safe!

[corsec67]

If you can corrupt a representative of the judge who is responsible for declaring if the vote is correct, does it matter if the box is electronic or paper?

Not really, no.

That's *WRONG*, no matter if the ballots were paper or electronic. No part of an electoral process should be left unattended at any time at all.

What about when the stuff is in storage? What if someone replaces the processor with a near duplicate that changes the voting output when certain conditions are true (time, the ID of the election, number of ballots cast, etc?)

You are ready to swear for the honesty of those county officials, yet you don't trust the people who handled the electronic box before the election?

There weren't just election officials, there were poll watchers and other outside groups watching as well. If it was a pure electronic voting, there wouldn't be much to watch, though.

To sum up, you have absolute trust in the paper voting system, because you have absolute trust in the way the paper ballot was handled *AFTER* the election, but you mistrust the electronic vote because you mistrust the way the electronic box is handled *BEFORE* the election.

Somewhat, yeah. I don't trust the computers because it is so easy to change them, change values, have code that doesn't execute for a while, etc. It isn't that I have absolute trust in paper ballots, I just can't think of a better solution. Electronic voting is way down on the list of voting systems I trust.

For me, both systems can be corrupted, but the electronic system is better because, given the same level of precaution before and after the election, the electronic system gives faster results. To cheat, you need physical access to the system, so the quickest system is safer.

Except that it is really hard to corrupt a paper ballot before the election. Faster vote tallying also means faster vote tampering. I don't know why you think fast processing means safe. Paper voting isn't perfectly secure. It is just that almost all tampering will leave evidence. That isn't true at all for pure electronic voting.

Re:Paper ballots are ABSOLUTELY safe!

[innerweb]

Except that it is really hard to corrupt a paper ballot before the election. Faster vote tallying also means faster vote tampering. I don't know why you think fast processing means safe. Paper voting isn't perfectly secure. It is just that almost all tampering will leave evidence. That isn't true at all for pure electronic voting

Bravo, my sentiments exactly!

Paper is hard to corrupt before the election, yet, it has been done. I think the real problem is that we the people care to little about the security of our nation's governance and more about what is on TV tonight. Secure and unspoiled elections start with lots of nosy people poking into every aspect of the election. When a company in Texas can remove voters who legally ought to be allowed to vote, or dead people can be registered to vote, the process still leaves much to be desired. I would prefer we focused our energies on fixing these issues first, not modernizing to a new set of issues we already know are not workable in so many other similar uses.

InnerWeb

Re:Paper ballots are ABSOLUTELY safe!

[rtb61]

You obviously have no idea how a regulated manual system works wnen the government is corrupt and already using force to sustain it's rule. In a manual system, there are volunteers from all parties attending the ballot process, including, sealing of empty ballot boxes, handing out of the ballots, monitoring the filling of the ballot boxes, unsealing and emptying of the ballot boxes, and counting of the ballots. Normally the voting and ballot counting occur at the same location avoiding transport of ballot box problems.

In addition to the volunteers from all parties doing all the work, their are paid officials who supervise and monitor the activities of the volunteers. In a lot of countries the election takes place on a Saturday, to ensure easy access for volunteers and well as of course for voters and enabling the use of the numerous school halls available around most countries for the voting and vote counting process.

So cheating is enormously difficult and only really happens in regional areas, where the volunteers are all from one party and the election official is also corrupt, catch is only one or a handful of polling booths out of thousands is corrupted and, in reality only has negligible impact upon the election as a whole (and the risk is huge and the penalties severe).

With electronic voting machines and electronic vote counting machines of paper ballots, all with secret unverifiable code, as well as unverifiable electronic chips (how many are removed from their plastic housing and microscopically scanned and analysed), the whole election can be rigged and the electorate has absolutely no means by which to verify the validity of the electronic election process and even with receipts of electronic votes, the winning party will simply deny the chain of legal possession of those receipts to verify their authenticity. Only a fool would think that stuffing one election box at one polling booth, would compare with hacking the voting machines, the transfer of the output of the vote counting machines to the data analysis location and of course the data output of the analysis device.

Elections are all about people governing other people, so people should be fully involved in the control of and verification of every part of the process. The election is the single most fundamental part of any democracy and every step should be taken to ensure it's safety and validity, from voter registration to the final vote tally.

Re:Paper ballots are ABSOLUTELY safe!

[Fotherington]

No, he has trust in the system because of oversight. In the case of paper ballots in the UK, there are many experienced people of different political parties involved in counting the votes, and actual boxes of ballots that must be stuffed and the contents of the old boxes got rid of; in the case of the machine there's just one official to load the programme, and an electronic audit trail that can be rewritten.

Re:Paper ballots are ABSOLUTELY safe!

[laird]

"For me, both systems can be corrupted, but the electronic system is better because, given the same level of precaution before and after the election, the electronic system gives faster results."

It's not particularly important how fast election results are generated. What is important is how trustworthy the results are.

If votes are cast on paper ballots, then you can inspect the ballot box before the election to see that there are no ballots in it, you can watch as people cast their ballots, and you can watch the box after the voting is done, and you can watch the ballots being counted, and you can physically secure the box, and you can recount the ballots, inspect them, audit them, etc. All of this relies only on direct human observation, not trust of any individual or third party.

If votes are cast electronically, they are by definition invisible, and not open to direct inspection. At best, you can use tools provided by a vendor to do so. This means that you must trust the vendor for every step in the process. You can't prove that the machines have no votes stored, just that the report ran and printed a '0'. You can't prove that the votes were recorded properly during voting. You can't prove that the votes were communicated properly. And you can't prove that the votes were counted properly.

In particular, the DRE voting systems with flash cards that you used in your election are completely untrustworthy. Even if you followed every procedure precisely, there's no reason to believe that the reported vote tallies were accurate.

Re:Paper ballots are ABSOLUTELY safe!

[hey!]

I inserted a flash card with the software, including the operating system, which was given to me by an officer of the electoral court minutes before the election started.

If you can corrupt a representative of the judge who is responsible for declaring if the vote is correct, does it matter if the box is electronic or paper?

Well, that's the wrong question. The question is how does the judge and his representative know that the flash card contains what it is purports to? How do they know that machine will do what they intend it to when the flash card is inserted? For that matter, how do they know the machine cannot be altered after the flash card is inserted?

These kinds of questions are command and fundamental to computer security. Phishing is just a technically crude version of a common paradigm: trick people into thinking they are doing one thing with a certain party when they are doing something else with a different party. Very sophisticated forms of the same attack can take in much more sophisticated people.

The judge, his representative and you can all, in complete honesty, think you are doing one thing, but if any part of the system, from the voting machines themselves to the software used to prepare the data for it, if any part of the system cannot be trusted then you don't literally don't know for sure what you are doing.

There are all kinds of way that electronic machines, if they can be trusted, can prevent specific kinds of fraud. But the most fundamental and important tool for dealing with fraud is detection. With a pure electronic system, there is no way to demonstrate that the results given reflect the votes people cast. Even if the difference is a matter of a technical glitch, it is not necessarily detectable.

Where bad totals created by bugs are detectable, the true totals can't be reconstructed, which changes elections. It is therefore possible to deliberately alter elections by introducing innocent looking technical faults that spoil the votes in some way that is statistically useful -- e.g., when the machines are not maintained, or when more than a certain number of votes are recorded..

Re:Paper ballots are ABSOLUTELY safe!

[dprovine]

For me, both systems can be corrupted, but the electronic system is better because, given the same level of precaution before and after the election, the electronic system gives faster results. To cheat, you need physical access to the system, so the quickest system is safer.

It is true that a corrupt election official can change some votes no matter what system you are using. But think about the scale. If the guy who gave you the flash card rigged it slightly, that one person could in theory change millions of votes undetectably. He could have the card rigged to throw 1.5% of votes toward his preferred candidate, and then to erase the code which makes that happen. And it would affect everyone he gave a card to.

With old-style paper ballots, one person can change a bunch of ballots -- but there's no way, without electronic automation, for one person to change tens of thousands, or even millions, of ballots.

It wouldn't even have to be an election official; an individual employee of the voting machine company could do it. And there's no way that you as a voter, or election official, or anyone but an expert in computer forensics with plenty of time to access the machines would ever be able to know.

The problem with voting machines that don't have paper ballots is that they are too complicated for anyone to guarantee that they haven't been rigged, and without paper ballots there's no way they can be audited.

Yes, paper ballots can be discarded or counted dishonestly. But without automation, no single person can affect a significant percentage of the votes.

Re:Paper ballots are ABSOLUTELY safe!

[Idarubicin]

So cheating is enormously difficult and only really happens in regional areas, where the volunteers are all from one party and the election official is also corrupt....

In Canadian elections (and I suspect in many other jurisdictions as well), staff at polling places are drawn from lists provided by the local party associations. The two parties which received the most votes in the previous election each get to submit a list of names of people the party thinks are sufficiently trustworthy and competent to check names off the voters' list and count ballots. Each polling place is then run by two people: one from each party's list.

In other words, representatives from two different parties have to sign off on everything, from the fact that the ballot box started out empty to the ballot counts at the end of the day. These staff are supervised and paid for their work by a non-partisan body, Elections Canada. (Paying people sometimes works better than relying on volunteers....)

As an additional check, any candidate in the election can send representatives ('scrutineers') to monitor any part of the process for irregularities. Because the whole system is based on paper ballots in a cardboard box, there are no problems with making sure that everyone understands the technology. (It's a lot easier for the average layperson to understand paper ballot stuffing compared to corruption of an electronic voting system.)

Re:So what?

[kesuki]

"That's quite a lot of fud with not much to back it up with."

damn lameness filter, the 9 megabyte pdf is not FUD, it was a court ordered analysis of the voter system used in new jersey. http://coblitz.codeen.org/citp.princeton.edu/voting/advantage/advantage-insecurities-redacted.pdf

NOTE REGARDING REDACTIONS. As paragraph 1.1 and Appendix L explain, this research was conducted pursuant to a Court Order by the Hon. Linda Feinberg of the New Jersey Superior Court. Sequoia Voting Systems filed a motion alleging that certain parts of this report contain protected trade secrets. Plaintiffs dispute Sequoia's contentions. Judge Feinberg has expressed her intention to preserve Plaintiffs' objections until the time of the hearing when she will rule on the merits of Sequoia's claims of trade secret. We are confident that the Court will then permit release of the full, unredacted report. In the interim, the Court encouraged us to release the report with redactions. Paragraphs 19.8, 19.9, 21.3, and 21.5, as well as Appendices B-G, are redacted in this release.

Re:"E-Voting Machine Security" like "Microsoft Wor

[peragrin]

you do realize that most e-voting machines run windows right?

The base OS in these machines is fscked from the beginning, there is no way to secure them completely.

If they used Open BSD, stripped of all unnecessary components compiled from scratch from at least two different compilers to double check all the out puts and inputs then you have a reasonable base to start with. DRM on all software pieces is also needed. at the very least a hash system to approve updates unless they occur 10 days before and 10 days after the election day. During that time no updates should be allowed. while it doesn't prevent tampering, it does limit options and things can be double checked so anomalies can be seen easier.

Paper Schmaper

Why the love affair with paper ballots? How do you think paper ballots get counted? By machines! Do you distrust those machines as well? Then your only recourse is to have humans manually tally every vote on every race/issue on every ballot. Hmm, what are the chances that errors are involved in human counting? Ever notice that repeated manual recounts tend to come up with different totals on every iteration?

Yes, machines can be wrong for various reasons including human error and malfeasance. However, mechanical errors are quantifiable, relatively easily detected and corrected. Human error by its nature may be difficult to detect and virtually impossible to correct.

I think we're much better off going the e-vote route and working to improve the systems over time rather than the Luddite approach suggested by the paper zealots.

electronic voting in brazil is wrong

[circletimessquare]

electronic voting in any democracy is wrong. it is nothing about americans or brazilians, it is baout putting your trust in a system which is more easily exploitable

do you think electornic voting is more or less exploitable than paper voting?

if you think it is less exloitable, you fail at logic

assume system a is more complex than system b. out of a simple logical conseuqence of it being more complex, it has many more avenues for exploitation in it

you need the cooperation of dozens of campaign workers to make small, easily identifiable dents in a national election with paper voting. losing boxes of records, adding fake ones... this takes work and cooperation and planning and an airtight conspiracy of dozens. with electornic voting, you need 300 milliseconds and one well-placed hacker to ghost over millions of records in statistically invisible ways, without any outward signs of tampering

do you see the issues at work now?

Re:electronic voting in brazil is wrong

[AK+Marc]

electronic voting in any democracy is wrong.

It's what I said. You aren't arguing about it. You have made up your mind and are on a religious rant against the antichrist, I mean, e-vote. You aren't making coherent thoughts. You are arguing one point one time, and one the other. "No one can trust it" "OK, Brasil trusts it, but the entire country is wrong to do so." You'll change your statements to mold to whatever counter-arguments someone comes up with. Pick a fact, and I'll prove it wrong, but I can't prove your religion of anti-e-vote to be wrong. It's as irrational as any "real" religion (and no, that's not a stab at religions, they are, by definition, irrational, as in not rational/logical, in fact, the Bible says that one can't understand God, so logic/ration are out the window).

do you see the issues at work now?

Yeah, you are a nutjob.

do you think electornic voting is more or less exploitable than paper voting?

Less.

if you think it is less exloitable, you fail at logic

If you were capable of using proper punctuation and capitalization, then one might take you more seriously. However, that aside, take a system where you have paper ballots and holes to punch out. Would you find that more or less reliable than having a computer terminal for every vote and that computer printed out a human-readable "recipt" for every vote that the person takes and drops into the vote bucket with the hole-puncher? Well, there have been numerous cases of hole-punching being flawed (chads and such) and that's paper voting, and yet there isn't a single case I know of where human-readable printed ballots from an e-box were confusing to the counters. As such, an e-voting system is necessarily less ambiguous and less exploitable than the non-e-system I'm comparing it to.

If you disagree, then you fail at logic.

(see, both of us can make the "you disagree, you fail" assertions, did it work for me like you thought it would for you? No? Then stop being a three year old with the "agree with me or I'll tell you that you are stupid" game. I at least wait for you to say something stupid before proving it so)

Re:electronic voting in brazil is wrong

[Falconhell]

"Yeah, you are a nutjob."

True, but he is a correct nutjob in this case.

Arguing that electronic voting is more secure, is one of the most insane things I have seen here on slashdot. Paper is much simpler, and when well run very secure. To audit paper voting is easy and can be done by almost anyone.

Re:electronic voting in brazil is wrong

[AK+Marc]

Paper is much simpler, and when well run very secure. To audit paper voting is easy and can be done by almost anyone.

I don't understand. You are saying that a paper ballot marked by a person (using a pen and with stray marks, or with a punch tool and hanging chads, with handwriting that's hard to read, or such) is easier to match to a vote than a machine-printed human readable ballot? That's one of the more insane things I've read. I honestly can't grasp how people think that using paper ballots marked by hand are more reliable than the exact same system with the pen and paper replaced by a computer and printer. In both cases, there is only one record of the vote, the paper pieces inserted into a ballot box that are later read by human or computer. However, one system has been proven to cause election problems because the ballots are ambiguous, and the other is much more reliably read and understood by both computer and humans for quick counts and manual recouts.

So explain again how a paper printed by a computer is less reliable than a paper marked (or mismarked) by a human? From the numbers I've seen, the number of "invalid" ballots was sufficient to have changed the outcome of every presidential election in my lifetime. Eliminating that with a ballot that has input checking and consistent markings on the output would greatly improve the system. But I guess people like you are more worried about the "feel" of marking it yourself, as opposed to valid election results.

Re:electronic voting in brazil is wrong

[dgatwood]

If you were capable of using proper punctuation and capitalization, then one might take you more seriously. However, that aside, take a system where you have paper ballots and holes to punch out. Would you find that more or less reliable than having a computer terminal for every vote and that computer printed out a human-readable "recipt" for every vote that the person takes and drops into the vote bucket with the hole-puncher? Well, there have been numerous cases of hole-punching being flawed (chads and such) and that's paper voting, and yet there isn't a single case I know of where human-readable printed ballots from an e-box were confusing to the counters. As such, an e-voting system is necessarily less ambiguous and less exploitable than the non-e-system I'm comparing it to.

There's a fine line between machine-generated paper ballots and E-Voting. Your very argument contradicts your assertion that paper ballots are inferior to electronic ballots, as the only acceptable example of an electronic ballot you provide involves a paper ballot (albeit generated by a computer). Without the verifiability of a paper trail electronic ballots are almost completely unverifiable, and that was the point of the GP post.

In fact, the only acceptable form of electronic ballot, IMHO, is one in which the paper ballots also include a bar code containing a UUID that is also present in the electronic database version of the votes so that any discrepancies between the electronic and paper records can not only be detected in terms of the count, but also can be traced back to an individual voting machine, a time of day, and a particular record in the database, thus making vote stuffing much more challenging and much less likely to succeed. That's the level of auditing that the E-Voting systems need, but that is only likely to occur if actual security experts and independent programmers are involved in the design instead of big corporate ATM manufacturers.... We desperately need open source voting systems....

Re:So what?

[Arthur+B.]

You're missing the point, even if you can slightly influence which of the two candidate will win, it doesn't make a difference.

(let's thank the moders for the -1: Troll-because-I-disagree-democracy-is-kewwwll-I-was-told-so-in-democratic-school )

exactly. thank you

[circletimessquare]

you are not a luddite if you oppose electornic voting. you are simply someone with a better grasp of what is exactly being risked and what is exactly being gained. as in: trust and integrity in your government being risked, and slight pointless convenience being gained

electronic voting is the greatest threat to democracy in the world today

Re:exactly. thank you

[pclminion]

Also, email is so easy to delete (as we've seen in the Bush Presidency). We should force all public officials to communicate on paper. Because using paper magically solves the problem of people being untrustworthy. In fact, this is a general solution to all political evil. Remove the electronics and do it on paper. It's PROVABLY SECURE!

I disagree.

[FrameRotBlues]

Personally, I disagree. You seemed rushed in reply, but I don't think I would qualify those devices as "tools." A tool is a single-purpose object designed to solve or repair a problem, and can be checked for operating performance against a known standard. By that definition, that's all a voting machine should be, although I'm not sure I'd ever refer to a voting machine as a "tool." Then again, perhaps some election workers would argue that it solves the problem of hand-counting all those votes.

a government is a purely human construct. its all about social structure and where you fit into it. its all about trusting or not trusting the other people around you.

Yes, the United States government is by the people, for the people; in many ways it is a hierarchy, but specifically for representation, security, and the enabling of rights as outlined in our charter documents. I don't believe it is meant to be a nanny-state, wherein we place all our trust in the government. The Forefathers recognized our need to prevent the nanny-state from occurring, and wrote the 2nd Amendment. I will never give the government, nor anyone around me, either 100% or 0% of my trust. Everyone involved in my life, including Joe Schmoe on the street whom I've never met, receives a certain percentage of my trust. If they befriend me or I determine their goals and past performances are worthy of my support, their trust level goes up. If they stab me in the back or are otherwise dishonorable, their trust level goes down. Very few people can ever receive 100% of my trust. I judge machines and contraptions the same way - based on previous performance. The government, just like the public in general, can never earn 100% of my trust, because it's impossible to personally know all of those people. At the same time, they can never earn 0% of my trust, because I realize that there are people who are in it specifically for the good of the general public, whether I know them or not.

I think trust is one of those fallible human emotions, like love. They are similar in many ways, but I don't think they're synonymous. I once had an ex who told me that 100% love means 100% trust, and that each was a requirement of the other. I couldn't really explain it then, and I can't really explain it now, but even though I loved her with all my heart, I never could fully trust her.

20 minutes in

[DreadPiratePizz]

Pretty much 20 minutes into the video, it describes how a poll worker can simulate activating the machine so that everybody in the room believes it is active, and the voter will notice nothing suspicious, yet the vote cast is not counted. The activation chirp is played, and the correct light display when the voter picks the candidate, and even says "vote counted thanks you", when in reality, no vote has been cast. Unbelievable. It's obvious that a malicious poll worker could absolutely use this to his or her advantage and deny people votes.

Re:No problem, just put a disclaimer on the machin

[TechwoIf]

That would be a good way to protest. Go to vote and place that sticker on the machine. Get a few to do to it to modify all the machines in the voting place.

Re:"E-Voting Machine Security" like "Microsoft Wor

[flyingsquid]

The only thing a e-voting machine should be used for is printing a paper ballot. Count the paper ballots. Anything else means you have to trust the voting machine, or the people who verified the voting machine. (You have to make sure that there are no hidden things in any of the chips, the software, any memory card that comes into contact with the machine, the network that the machine is connected to, etc. Seriously, who can possibly think that a E-voting machine with a Sprint data card in it is secure?)

Nonsense. The vast majority of computer security experts agree that electronic voting machines are the safest, most secure way to conduct an election, and that they are virtually immune to tampering or forging of votes.*

*results of a poll of 1000 experts conducted using Diebold voting machines. 93 of 1000 said electronic voting was not secure, 1237 out of 1000 said that it was.

Re:No problem, just put a disclaimer on the machin

[waferbuster]

You forgot the most important part that appears on lottery machines (and by association should appear on voting machines): "Any malfunction voids play results."

Intresting sections:

Okay, I did not RTFA, but did RTFS instead.

Interesting parts of the report are
Modifications can propagate through the systems via Audio Ballot cartridges.(Section II, page63)
The vote counting software runs on Windows, on standard hardware. The computer examined has been connected to the Internet several times. (Section II, page 64)
The machines can even be modified for wireless access (Section IV, page 101).
The certification institution did not do its job (Section V).

They redacted essentially all technical information though - list of buffer overflows, source code examples, etc.
However a rather enlightening example was left in (Appendix K): The program that is used to generate the ballot does not remove its temporary files, resulting in extremely slow execution - according to the report to the point where only 8 ballot cartridges could be produced per day.

Wow. Pretty damning!

Anonymity and reliability are directly at odds

[LrdDimwit]

There is also the not-at-all-a-small-issue of anonymity. Your voting mechanism must ensure that a particular account number (i.e. a voter's identity) can be used at most one time per election. And you have to record what it was used for anonymously so that what was done with the account literally cannot be traced back to the account holder.

Most of the common credit card fraud-prevention schemes (such as date/time stamping every transaction) violate this. Not really a surprise, since the credit card system is designed to enforce accountability, the antithesis of anonymity (the whole purpose of anonymity is to avoid accountability).

Fundamentally, anonymity is about removing traceability information, and fraud prevention is about maintaining it. These are both core requirements, and they directly work against one another.

Re:Anonymity and reliability are directly at odds

[SUPAMODEL]

This weekend, I voted in an election in the place where I live in Australia. I used one of their electronic voting things. Note that voting is compulsory here. I walked in, they use a computer to work out that I had not gone to another area where I could vote. They then gave me a card with a barcode on it, which is randomly picked up from a pile. It is not associated with my name in any way. The only association was "yes, this person has elected for electronic voting", but no barcode info was recorded. I then go to the system, swipe the barcode. The barcode thing had an approximately 70 character string underneath it. I think it was a hash or something to verify that a) the barcode related to the electorate that the voting booth was related too and b) that it was issued from this site. Each barcode had a different identifier. I then vote for the candidates as I wish. The system would not allow you to make an invalid vote (we use a preferential system here; needed to vote in order of preference of at least 7 candidates, 35 on the ballot paper in total). I did this, and hit the button to let me review it. The system then displays the preference information you've put in. You have to swipe your barcode again to verify that it is the correct one. If it would not swipe, or you needed help, you could hide the vote on the screen and get an election official to help. Once the barcode is swiped, my vote was stored in the system. I then had to place the barcode into the ballot box that paper voters would place their completed ballots in. My vote would not have been counted from the system if my barcode had not been present. Would I prefer an open system? Yes, most definitely, and I have written my comments to those running the election. I would have preferred it to print out a completed ballot paper I could check and lodge that. I think it covers most of the fraud. Is the number of barcodes equal to the number of voters? If not, then fraud has been commited by someone trying to stuff the ballot box. My name is not in any way associated with my vote, but it is counted if the barcode is placed into the ballot box. The barcode also could not be used at different voting booths, even in the same electorate (at least that is my understanding). So, for me, I think the issue of nontraceability and fraud prevention is somewhat solved by this system. Fraud could still occur in how the system records the vote, but at least you are given ample opportunity to see if your candidates have been correctly preferenced. Also, if it fucks up and you aren't happy with it, at any time you can say "no, clear my vote", your barcode is torn up, and you can do it by paper. I think that should always be an option.

Re:Anonymity and reliability are directly at odds

[the_one(2)]

that's a pretty easy problem isn't it? Couldn't each voter get some form of random number with which they vote. It would be trivial to check if the number is only being used once and it would be quite easy to make sure that each voter only get one number (which number the voter gets is not recorded anywhere)

Re:Anonymity and reliability are directly at odds

[hobbit]

it would be quite easy to make sure that each voter only get one number (which number the voter gets is not recorded anywhere)

Please elaborate!

Re:Anonymity and reliability are directly at odds

[the_one(2)]

let's say you have a list of numbers in a random order. Some guy wants to register for voting. He is given a number that then is crossed over and his name (or SSN or whatever you USAians wants to use) is also crossed over. There should be no link between his identifier and his number

Re:No problem, just put a disclaimer on the machin

[waferbuster]

I know... it's not couth to reply to my own posting, but on reflection I had it wrong above. Or rather, I posted poor concepts. Just voiding play on a voting machine is very different from voiding play on a lottery machine.
The reason is that from the viewpoint of lottery, an individual player gets an individual result (win/lose). A voter is placing a vote which is aggregated with the corresponding inputs from other voters to determine the election winner (we'll ignore the electoral college as being overly pedantic).
The difference is that voters affiliations are not evenly distributed geographically. So, by voiding play on voting machines which are in areas with high concentrations of voters of one party, the aggregate can be skewed toward a desired outcome.

Re:"E-Voting Machine Security" like "Microsoft Wor

[Geoffrey.landis]

Making that whole system *secure*, otoh, is almost impossible, especially when it is something as large and distributed as a national voting system. If a company could actually make a completely secure voting system, they could also have a good DRM system. (Yeah, I did say "good DRM system", which shows how possible I think that is)

From Ken Thompson's essay Reflections on Trusting Trust, he says it isn't enough to check the source code, you also have to check the compiler, the output from that compiler, and I would add, in the context of a voting system, everything that is or could be in the system/network.

I would like to respectfully disagree here. Your comment can be too easily be summarized to "well, if you can't solve every possible flaw, you don't have a secure system, and so there's no point in trying, if they're all insecure anyway, any system is as bad as any other."

This belief is flawed. Even if you can't prove that there isn't any possible attack, it is nevertheless true that there are better systems and worse systems, and you don't want a worse system. Being able to check the source code-- and, better, having the source code open for anybody to look at-- is in fact a very good start. Yes, it is possible that there may be some hithertofore-unknown flaw in the compiler, and some extremely ingenious cracker might be able to find it and find a way to use it to manipulate voting results... but this is a billion times less likely than the case of some open port left accessable, or a deliberately open back door, that would be found by careful inspection of the source.

(You've misquoted Ken Thompson's conclusion, by the way. His actual conclusion was that you should never trust any program you didn't write yourself. Apparently he's never seen the programs I've written myself.)

Convenient timing?

The release to the voter population of this information so soon before the election is likely to result in less voter confidence in the election and subsequently a lower voter turnout, at least in areas where the machines are used. This creates a bias in the election results of at least two kinds.

2 things:

[circletimessquare]

1. it helps when criticising someone to not commit the same crime you criticize them of. i leave it to your vast superior intellect to understand what i am talking about (snicker)

2.

However, that aside, take a system where you have paper ballots and holes to punch out. Would you find that more or less reliable than having a computer terminal for every vote and that computer printed out a human-readable "recipt" for every vote that the person takes and drops into the vote bucket with the hole-puncher? Well, there have been numerous cases of hole-punching being flawed (chads and such) and that's paper voting, and yet there isn't a single case I know of where human-readable printed ballots from an e-box were confusing to the counters. As such, an e-voting system is necessarily less ambiguous and less exploitable than the non-e-system I'm comparing it to.

If you disagree, then you fail at logic.

i disagree, and i shall use logic to dismantle your assertion

a. observation: system a is more complicated than system b

deduction: system a has more avenues for exploitation and failure than system b

b. observation: electronic voting is more complicated than paper voting

deduction: for every example you can give me of paper voting breaking down or being exploited, i can give you many more of electronic voting breaking down and being exploited

feel free in your vast command of logic and reason to dismantle my religious rant. i won't conclude by saying "If you disagree, then you fail at logic."

because you know, i wouldn't want to appear to be a member of some irational religion that feels is it impervious and perfect ;-)

Re:2 things:

[AK+Marc]

a. observation: system a is more complicated than system b

Assertion without support. Paper ballot A is more complex than paper ballot B? The system to generate the ballot may be, but the ballots themselves are both paper ballots, but one is mechanically generated for uniformity, and you are claiming that is less reliable than one that a person tries to mark, which is proven to be unreliable.

b. observation: electronic voting is more complicated than paper voting

A false statement. Walking up to a computer screen, poking the name you want, getting a printout you can verify, then dropping it in the box is easier than getting a paper ballot, walking to the voting booth, poking out the holes for the person you are voting for (not sure if they are dimpled, hanging, pregnant, or how they may be counted by anyone else) removing the mechanically indicated ballot, seeing a piece of paper with no markings other than a couple holes in it, with no idea how it would be counted if someone were to recount it, then taking that and dropping it in a box. Again, tell me how the paper system is more simple for the voter, and something they can verify? With just a couple edits to the booth, someone can rig the holes to select the wrong person, or make the selection ambiguous when names are listed on both sides of the punch hole.

You assume the worst of the e-vote, then assert (without proof) that it's worse than a system you hold infallible that has been proven bad many times in the past. You are a religious nut, and your Christ is paper ballots.

torrent for the gigabyte video file

[SLi]

Here you go, a torrent for the 1 gigabyte hi-res video:

advantage-insecurities-exhibit-hires.mp4.torrent

you don't know what jesus smells like?

[circletimessquare]

you must be a communist muslim supported by jewish money

like mccain

(i'm being funny, but yes, there are people who actually think like this)

Re:"E-Voting Machine Security" like "Microsoft Wor

[mi]

Count the paper ballots.

Anything else means you have to trust the voting machine, or the people who verified the voting machine.

Or the people, who count the paper ballots... I'd rather trust a machine, however imperfect...

Cook County uses Sequoia Machines

[Joe+The+Dragon]

And they don't use this Machine but they use other ones and the voter card activator does have a HD, USB ports for the touch screens usb keys that the votes are on as well a cartage port for the Optical scan reader. It also does have a Cell phone modem in it and the ZERO tape does print its IP address.

These things are screwing up ALREADY!

link

Hmm

[ShooterNeo]

An electronic voting machine should be simple. Why the f- are they even using an operating system at all? Wouldn't a stripped down the bone OS do the job? How about using DOS?

(before you laugh or say to use free software, the reason I say DOS is there is ZERO chance someone 20 years ago inserted code that would corrupt a voting machine)

Also, with DOS you could easily verify the md5 of the OS image.

I say use DOS, and write the vote counting program in terminal graphics mode, with those colored ASCII characters for a GUI. A SIMPLE GUI. The feature count on this program should be limited to the crucial things only.

And NO network access. The only way to count votes should be to physically gather all the flash memory cartridges in one place. Each cartridge would have a ONE TIME PAD encryption lock. There would be a central "vote counting" terminal that would be the only machine in the county with the other copy of the one time pad used.

What about HARD HACKS?

Forget Software / System hacks ...

These things are electronic without (I assume) battery
backups that will run for the required 12 hours of voting
(give or take).

What about - a building power outage caused by a car wreck,
popped circuit breaker, thunderstorm?

What about black spray paint on the screens?

What about JB Weld put in the power plugs?

What about an electrician's wire cutter?

What about a short circuit device plugged in some other
outlet in the room with the machines?

Seems to me it would be easy to take out an entire polling
place with just a couple of items.

And this is secure? Yeah, right.

Why so backwards?

[lord_sarpedon]

Funny I think that people are so cautious to trust computers here, but they're fine for everything else. Just make it open. We can gain some advantages.

-Immediately before voting, you are handed a number. How we generate these numbers is up for debate. Perhaps they are centrally generated and serial. Perhaps a hash of name + DOB + other stuff. Each choice here opens different doors.

-Barcode equivalent to said number must be scanned at the machine. Number must also be entered on an onscreen key pad.

- Number + voting choices + timestamp + voting machine id are stored in a central database. Immediately. Nothing local.

-You get a receipt with your Number + voting choices + timestamp + machine ID. It also has these other handy value on there. A digital signature, created by said central authority with its private key. The public key is well known long in advance.

-After the election, the entire result set is made available for download. Yeah, a recount is a big fucking deal. We have these neat machines that are good at math. The bigger deal here is that if you check the database after you voted and the entry for your number doesn't match, you scream bloody murder. If you don't trust the machine, any party can verify the central authority's signature.

-But in addition to 'any' party, it is critical to have a non-networked verification appliance, which does nothing but verify the central signature for you before you physically leave. If you scream bloody murder at this point, we can consider the plain-text part of the receipt trusted. You obviously couldn't have faked the entire receipt while being watched by everyone. More on this soon.

Nice huh? Let's recap some advantages here:
-You can verify that your vote was counted and correctly
-You can't determine who voted for whom, except yourself.
-The receipt actually means something

Let's elaborate on that third point.
There are several means of lying to you, which can't easily be solved without adding machines into the mix

-What if the receipt says you voted for X but the machine recorded you as voting for Y? This is as good as pressing the wrong button. The signatures will both be valid. But if the plain-text portion shows the wrong candidate, you'll notice and scream. If the plain-text portion doesn't match the the central signature (the one most directly relevant to proper recording) you will catch this at the non-networked verifier. The receipt can still be trusted having not left the polling place, so you will be allowed to vote on another machine, as meanwhile the machine you previously used is marked for a serious investigation...

-What if the central authority records whatever it wants but produces a normal signature? The receipt will be considered entirely valid and endorsed. People will notice quickly as they check the database from home. You have a paper trail that can be trusted. What if the signature is bogus? People notice before they leave the polling place.

Up to this point? Criminal negligence bordering on treason. Open source needs to step up.

Re:Why so backwards?

[ragefan]

Nice huh? Let's recap some advantages here:
-You can verify that your vote was counted and correctly
-You can't determine who voted for whom, except yourself.

Except what if your boss (or some other authoritative figure), calls you into his office, brings up the web page login and says "Prove to me you voted for X or your fired", or "Prove to me you voted for Candidate Y and I'll give you a large sum of money"

Any system that allows a vote to be tied back to its voter can be manipulated.

Re:"E-Voting Machine Security" like "Microsoft Wor

[pipingguy]

Canada uses paper ballots and counts them in a few hours. The paper ballot system is not broken. We should quit trying to fix it until we get a LOT smarter.

Follow the Canadian lead - vote conservative this election.

(mouth hangs open)

[circletimessquare]

congratulations

you've utterly defeated and humbled me beyond the pale

i stand here in abject pain at how thoroughly you have spanked my rotten ways

i am now reeducated:

(drum roll)

a paper and a pencil are more complicated than a computer kiosk

(!?)

BWAHAHAHAHAHAHAHAHAHAHAHAHAHA

you sir, are a fucking retard, beneath even a consideration of intellectual charity

adios, stubborn moron

Re:(mouth hangs open)

[AK+Marc]

a paper and a pencil are more complicated than a computer kiosk

Yes. For the voter, having to use a paper and pencil is harder than a kiosk, and leads to more errors. For the vote counters, having paper and pencil ballots are harder to count. People erase when they were told not to. People make stray marks. People mark two from a reading or alignment error. All sorts or errors can happen with a paper ballot that are impossible for the person marking the ballot to notice in time to fix. But with the kiosk, it prints out the names of the people you vote for, you read them. There is no possibility of error. That makes it a much simpler means of voting, and a much simpler means of counting the votes.

I never claimed the *system* was simpler from a preparation standpoint, but that once everything was done, starting at 7 a.m. on voting day, good computer voting will *always* beat good paper/pencil voting. It can never be any other way.

And no, bad computer systems are not "proof" that good computer systems are bad, despite all your rantings to the contrary.

Our current system is broken because there is no voter verification at all. No one knows how their vote will be counted. One assumes that you check a box that you did the right thing and the human reading it will understand, but there is *proof* that errors happen so often that they could have changed the outcome of every presidental election in my lifetime. And yet, people accept a system that is proven to be so flawed it may have never been right once in the history of our nation. And here you are ranting about a system that can only improve the accuracy of the system. And you call me a retard...

Re:No problem, just put a disclaimer on the machin

[qzjul]

As long as you have it read out by GLaDOS; and perhaps append:

"For example, the apparatus may electrocute you. Good Luck, and Happy Voting."

Re:"E-Voting Machine Security" like "Microsoft Wor

[TapeCutter]

Suppose we had such a situation as you suggest and thousands of reviewers pawed over the code making it "as good as it gets". How do you verify the code that was reviewed is the code that is running?

"if they're all insecure anyway, any system is as bad as any other."

It is true that all voting systems are open to fraud, however rigging a paper election is orders of magnitude more difficult than rigging an electronic election simply because of the number of people needed to implement the "hack".

With all due respect, people who believe electronic voting can be made "better than" or even "as good as" traditional paper voting have no idea how the counting of traditional paper ballots is conducted.

Re:"E-Voting Machine Security" like "Microsoft Wor

[p0tat03]

Agreed! I don't know why it has to be so complicated. Canadian ballots are just a list of names with a blank circle next to them. You mark the circle of your candidate, and DONE. Sheesh, don't even know why you have these doodads where you have to insert your ballot, poke a hole through this and that... ugh...

Re:"E-Voting Machine Security" like "Microsoft Wor

[pclminion]

Anything else means you have to trust the voting machine, or the people who verified the voting machine.

Because the people counting the paper ballot are implicitly trustworthy? For that matter, can you trust people to vote intelligently? The technology is just a piece of equipment. Trust is something we place in people, or not. The machine has nothing to do with it.

Re:"E-Voting Machine Security" like "Microsoft Wor

[GigaplexNZ]

Or perhaps just use a micro and run an embedded application rather than running a pre-emptive multitasking operating system. It doesn't need to do much.

Re:"E-Voting Machine Security" like "Microsoft Wor

[TheLink]

Maybe the difference is the average Canadian volunteer can actually count higher than ten? And do it reliably, consistently and in a timely manner ;).

Seriously, any voter that prefers an electronic voting system to the usual reasonably secure paper voting system is pretty stupid.

Paper voting systems can be compromised by postal/absentee votes, but the same applies to electronic voting systems.

It's funny the USA spends trillions to pick a government in Iraq, but they have no money and resources to do it right in the USA.

Oh but wait maybe they're intending to pick a government in the USA just the same way they picked a government in Iraq.

Only US Governments approved Governments allowed :).

does this mean?

[nx6310]

Does this mean Mccain could actually win this year?

Great - check out these links

[RMH101]

The University of Surrey, UK, is working on something very similar.

http://www.cs.surrey.ac.uk/FMS/evoting/bibliography.php

Re:Great - check out these links

[sycorob]

The thing you're not considering is vote buying/coercion. A gangster in your neighborhood comes by and "suggests" that you better vote for Vito. He'll be by next week to see you voting receipt. If you know what's good for you, it will show that you voted for Vito.

With anonymous voting, you can threaten me, I can vote against Vito anyway, and nobody can prove anything.

Check the University of Surrey link posted by RMH - their system tries to overcome this issue. If I remember correctly, you would have to go through "tellers", basically a hash held by a third party, to map my vote receipt with an actual vote. You could take 100 votes and check their authenticity and hence the validity of the ballot, but most people's votes would remain anonymous.

Re:"E-Voting Machine Security" like "Microsoft Wor

[theaveng]

If credit cards are so secure, why was some idiot on the *other side of the continent* able to get my number and buy $3500 worth of stuff in Walmart? (Presumably with his own fake card.)

Credit numbers are stolen all of the time. Thousands per day. A voting machines need to be far more secure that that, because even one "stolen" vote per machine is enough to change a statewide election.

The real question: election rigging..

AFAIK there were some remarkable results during the last two elections. The key question is if the US has actually had a legitimate president or not.

I have a strong feeling everyone will walk quite carefully around this room filling elephant, after all, the potentially illegitimate winne has had 8 years to organise suppression.

OTOH, voters may simply have been that dumb. We may never know..

Re:"E-Voting Machine Security" like "Microsoft Wor

There's no reason for a voting machine to even have an "OS". An OS is entirely unnecessary on a system which is designed to run a single program.

As for using two compilers: if you are serious about formal verification, you verify the machine code, not the source code. That will handle the case of valid but "insidious" code (i.e. code which "appears" to do something other than what it actually does), but multiple compilers won't.

Needless to say, such verification is a great deal simpler for a RISC CPU (ARM, PPC) than a hyper-complex monstrosity such as the x86 architecture.

What happened to testing *before* deployment?

[radarsat1]

To me the messed up thing in all this e-Voting stuff is that the counties are using e-Voting machines that are shown to be hackable... implying that they are using the machines without fully testing them. That is, they have decided on the machines (presumably after a convincing marketing presentation), and only *after* using them, have people come along and said, hey, these aren't safe.

In usual situations, a system would be tested for hacking *before* being deployed. Until such time as it can be independently declared safe, the old, trusted system would remain in place. This rule applies to every major server in the world, why does it not apply to something as fundamental as VOTING?

We shouldn't just be mad about hackable eVoting machines, we shouldn't just be mad at the companies that make them, we should be mad about bad decisions being made by those in power to use these machines without properly testing them.

(By "we" of course I mean people who actually have to use e-Voting machines.. myself, I'm from a place that banned them, thankfully.)

Re:"E-Voting Machine Security" like "Microsoft Wor

[Geoffrey.landis]

Suppose we had such a situation as you suggest and thousands of reviewers pawed over the code making it "as good as it gets". How do you verify the code that was reviewed is the code that is running?

If the code that's reviewed is not the same as the code that's running, this is in itself evidence of fraud. You don't need to look for a back door in this case; you don't need to even know what the code that's running does, you have already shown fraud.

torrent for the 250MB video file

And a torrent for the 250 MB lowres version. http://www.mininova.org/tor/1934773

voting machine must be not electronic but electric

[roman_mir]

Your voting machine must be not electronic, but electric instead. You come into the booth, there is a table with buttons on it, each button is a vote. Each button is located near a name/picture/party description of a candidate. You push a button, which is connected electrically to a mechanical counter. The wire from the button goes into one of the counters, the old mechanical counters, and the lever to increase the count is pulled by an electromagnet.

To prevent you from pushing more than one button more than one time there is also an extra wire, which detects that you pushed the button once and disconnects all power by flipping a switch on the outside of the booth until you exit from the booth. Before the next person enters, the relay is switch is flipped on so that the next voter can push his button.

If redundancy is required, the button you push can also invoke a card puncher, which will provide you with a card with paper being punched out (not by hand, by an electric card puncher). You put this paper into a box.

The mechanical counters are outside of the voting box, under a cube of fiberglass but the numbers are not visible, they are behind a piece of cardboard.

On the punch card you can see the name of the candidate and a hole punched next to the name.

The mechanical counters can only go up and not down due to their mechanical nature, until they reach their maximum and reset to 0 by overflowing.

It is very easy to inspect such system and if all the wiring is directly visible then it is not going to be easy to tamper with them no matter where they spend the night before elections.

Once the elections are over all that is needed is to open the faces of the counters by removing the cardboard.

For recounting there is paper.

Video shorts on Youtube

For the impatient, there are short Youtubes that excerpt clips of some of the modes of operator errors or hardware hacks. One recreates how a inattentive poll worker could cause some of the discrepancies observed on actual poll tapes. The other shows how to replace the firmware which resides behind both a locked door and sealed metal panel takes 6 minutes and a screw driver and bobby pin and does not break the seal. That include the time it takes to give a lecture on how to do it too!

The first shows how an unmodified machine running actual software from the Primary can produce miscounts
http://www.youtube.com/watch?v=xxM_QNGF1dE

these show how to hack and access the machine to put in new software.
http://www.youtube.com/watch?v=3NHQHMXca9E
http://www.youtube.com/watch?v=CA3J9qlVuBM

Possible sorta fix

One fix...Start treating voter fraud as an act of treason. It would make "most" people think twice before fooling around with an election.

Let's not forget the big picture, as well

[whitroth]

I have yet to read a single report, in '02, or '04, '06, or so far this year, where a vote for the Republicans was flipped to Democratic. Not one. It's *ALWAYS* Dem to Repugnantcan.

                mark

Relay-based binary counter

[Neil+Jansen]

Why the hell do you need an operating system at all? The only thing needed to count are a few logic gates, i.e. a binary counter. Can't get much simpler than that (well besides pen and paper). Make the logic gates out of latching relays, and you get a nice satisfying 'clunk' feedback when you enter your selection. Add some LED indication for good measures, and keep a few people around who have been given a 20-minute lesson on binary counting to make sure it's counting properly.

Keep it simple, stupid!

Perception beats reality every time.

[MacAndrew]

If electronic could be made 100% secure, foolproof, etc., it should still not be used simply because of the PERCEPTION of what happens..."

"If voting changed anything, they'd make it illegal." -- Emma Goldman (attrib.)

Consider that if voting is a feel-good event, does reality matter? If the voters perceive the election to be fair, why even count the ballots? In the cynical view, the voters don't want to know how the sausage is made, they just want to *believe* it doesn't have cow poop in it. No one in the general public thought about hanging chads (cow poop) until there was a disaster; the people running the elections sure knew about the poop, but also knew they could get away with selling it as 100% beef.

I vote (not that anyone cares) for simple, cheap, reliable, flawed-but-less-so optical scan plus manual recounts of samples to detect errors or fraud. Save technology for where it is actually needed,* not because it saves a few bucks (maybe) or makes election officials look 21st century.

*Until we get unalterable optolythic data rod or the equivalent (which I will call "paper plus").

Say baaa

[TheLink]

Think harder. If Z gets elected, even if he is a criminal, he won't be as powerful as X and Y just for the very reason he is new. He wouldn't have immediate access to an entrenched power base built up over decades. It takes time for the lobbyists and corporations to figure out what his buttons are.

Most importantly at the _start_ he is likely to put on a semi-decent show of serving the public.

Whereas just look at Bush and gang, they've accumulated so much power (direct and defacto granted by people like you) that they're not even bothering to put on a half-credible show. Look at what they have been doing - retroactive immunity, "WMD in Iraq". Look at how much they have got away with.

They're stomping on you all, your beloved Constitution and more, and all you are doing is rolling over and bleating.

I get the nagging suspicion that it's all lame excuses and you are all just _abdicating_ so that you can spend time with your beloved TV or something.

The trouble is there appear to be millions who also illogically think that voting won't help AND at the same time believe that when stuff gets even worse, they can exercise their "right to bear arms" and somehow their guns are going to put people in charge that will actually serve the public.

Hilarious.

The fact that you said you only had two choices probably means I'm wasting my time on you, but I thought I'd try anyway. Plus maybe others might decide to try, if not you.

Otherwise, yes there is no point making a big fuss over crappy e-voting machines.

Not because you have crappy choices.
But because if you all aren't going to vote anyway, they might as well rig it.

Hopefully the US will stop producing elections where there are more votes than voters. Those were funny, but even Saddam never had > 100% of the votes in his elections.

Maybe they should declare the results _before_ the elections and save you all the trouble.

Re:Say baaa

[db32]

How is Z supposed to get anywhere NEAR enough exposure without either being in the game for a long while or being a complete and total sellout. You really are living in fantasy land in that regard. Do you expect some monumental grass roots campaign to suddenly unite millions of voters with 0 expenditures and get enough votes to win? I bet if we all hold hands and sing kumbaya loud enough we will suddenly change the course of human history where those in power are suddenly beholden to those in not. It will be like a crazy opposite world. The only difference in other parts of the world is that some areas have leaders that are slightly less psychotic or at the very least less obvious about the power they hold over the populace.

I haven't watched TV in years. I actually prefer spending more time with my beloved family than wasting my time getting worked up over shit that has not and will not change for a long long time if ever at all. News flash...humanity is a shitty little monsterous creature full of greed and malice and no amount of voting will remove the sick and twisted fuck tendancies from our society as a whole. As much as I loathe what our loony tunes in office have been up to, it does not change the fact that any given American is infintitly more likely to be tortured, beaten, killed, raped, or otherwise have bad shit happen to them due to their fellow sick fuck citizens than any bastard leader with shitty policy.

I'm not sure why you laugh off the "right to bear arms". Seems to me that every time a nation had a brief period where the citizens were empowered it immediately followed a period where the citizens armed themselves. You know...that pesky "Revolution" word that has popped up in a number of places throughout history. And every time I hear some fool talk about how the people can't resist such a large military force I point out that more than a few nations to include the US threw off the shackles of British imperialism when the British had one of the most powerful militaries of the day. Then I also like to point out the problems in Iraq and Afghanistan where a bunch of unorganized poorly armed rebels are making life very difficult for one of the most powerful militaries of the day.

This doesn't mean I don't make a bunch of noise when given the opportunity about the problem. But seriously...so long as every election continues to end with 2 candidates of equally dubious value then there is no point. You seem to think that Z will come out of thin air magically and people will flock to vote for Z and that is the only way to fix it. The real problem is getting Z to be a viable candidate which has NOTHING to do with voting and has to happen LONG before any voting happens.

Re:Say baaa

[TheLink]

Quote: I'm not sure why you laugh off the "right to bear arms".

After all this you think your votes won't make a difference but your bullets will?

I laugh it off because of what you and others like you say.

To paraphrase you: you seem to be under the rather misguided impression that once your bullets start flying the person who gets into power won't be a criminal too. You seem to hold the strange notion that the people in public office actually want to serve the public. You seem to be confused about "serve the public".

Wake up!

Face the truth: violent revolutions tend to end up with Dictatorships.

Because the person willing and capable of exerting the most violence (aka kill lots of people) will rise to the top. Then once that person has got all that power, that person very rarely hands it to "The People". In most cases that person says "kill everyone who opposes me".

That is why so many Communist Revolutions ended up as Dictatorships almost immediately. Because they followed Marx's implementation plan which had violence in it from the start.

And why should a Dictator hold elections - if what you say is true, the other candidates will be wolves too.

Quote: "I bet if we all hold hands and sing kumbaya loud enough we will suddenly change the course of human history where those in power are suddenly beholden to those in not."

In the USA the voters actually hold the power, unless they have abdicated.

If 70 million of you actually voted for somebody else or even "none of the above" you would change things a bit. Don't believe me? Try it.

My suggestion would actually work. The big problem with my suggestion is it doesn't work if there are too many people who just "roll over and bleat".

Re:Say baaa

[db32]

I am most certainly not advocating a revolution, but our own revolution turned out rather well so that is the mentality here in terms of revolution outcomes. You can't realistically compare completely different cultures reactions to events as if they should all be the same.

Honestly, anyone who wind up in office via power struggle, voting, or otherwise pretty much has a terribly high probability of being a criminal.

The people that hold the power are the people who control the information. I don't know why you think the voters have the power. Our problems have basically nothing to do with voting or not voting. Our problems stem directly from the fact that people are perfectly happy accepting whatever decisions are made in their name. You are under the misguided impression that fixing a symptom (not voting) will cure the disease or make some kind of difference. The problem you have to fix is to actually get the people monitoring those that they vote for. You have to get the people educated on what is actually happening at the government level instead of following along with whatever kneejerk bullshit their candidate of choice spews at them.

The McCain camp blathers on about socialism and his idiot supporters lap it up. That asshole voted for the bailout and the plan that is leading to the nationalization of our banks! What? We can't have nationalized healthcare because that is socialism, but we can have a nationalized bank because it is an economic emergency?

The Obama camp blathers on about freedom and hope and his idiot supporters lap it up. That clown has voted with Bush on half the things he campaigns against! Wait wait wait...I thought he hated the wiretapping, I thought he supported the constitution! Why would he vote in support of the wiretapping crap. Even if the wiretapping could be considered legal passing a law to grant immunity for it is unconstitutional. Ex post facto laws are specifically mentioned as unconstitutional.

Voting won't fix any of that. People just don't care. People see PATRIOT ACT and think it would be unpatriotic to vote against it. People see "Child Online Protection Act" and think that anyone who votes against it wants to protect pedophiles.

Come look me up when you fix the anti-intellectual problems in America and we can discuss voting issues. So long as people are happy to "do their civic duty and vote" and not actually watch what happens afterwards no amount of voting will make a difference.

Re:Say baaa

[TheLink]

"The people that hold the power are the people who control the information."

The people who control the information _influence_ the power.

The President of the USA still has power even if people feed him bad info. He can still choose to get his information from other sources. And he still is _responsible_.

Same goes for the voters. They have their powers and their responsibilities. They may not have that much power, but they have more power than in a Dictatorship.

They all can't go around saying "It's not my fault I misused my power, they were feeding me crap info". OK they can, but it still is mainly their fault. Yes the people providing bad info have their share of the blame, but if the one pulling the trigger is sane, it's his fault.

I agree with you that the problem is due to something like this:

"people are perfectly happy accepting whatever decisions are made in their name"

Hey if that is true then the leaders are doing what the people want. And you have a working Democracy. It may be butt ugly, but it is a fair representation of the people's will.

As I have been saying over and over, if people are not happy, they should vote, and vote for someone else rather than more of the same. If they are content with things, go ahead vote for more of the same.

If that's what they have been doing then that's Democracy at work for you.

So why should I fix the anti-intellectual problems in America? It'll be against the will of the people.

Fixing the anti-intellectual problem would affect most of the voters drastically. Too drastically probably.

Think about it Bush was _reelected_.

62 million for Bush, 59 million for someone else, and > 60 million - don't care or say "it doesn't make a difference whether I vote or not".

Lastly, even if the anti-intellectual problem should be fixed, I think it is beyond my ability to do so.

I already tried with you. Whether or not I was successful depends on whether you vote or not (or even run for election ;) ).

You're bitter because more voters voted for the "wrong choice". But that's part of Democracy. It does not mean you shouldn't vote. If you don't play the Democracy game you'll never win.

p.s.

"People see PATRIOT ACT and think it would be unpatriotic to vote against it"

Hey people saw "Bear Stearns High-Grade Structured Credit Enhanced Leveraged Fund" and "Bear Stearns High-Grade Structured Credit Fund" and they bought it. Trouble is they may have bought it with your pension money.

Re:Say baaa

[db32]

I don't care who people vote for because the choices suck. Thats the problem. We are only ever presented with "more of the same" type candidates. For a candidate to get enough exposure to actually have the whole "get out and vote" thing to make a difference they pretty much have to sell out to special interests and play dirty politics.

We are nowhere NEAR at the stage where we have to worry about voting. Right now we have to worry about getting people to understand how broken the political system is. Term limits, checks and balances, and all of that crap needs to be fixed first. TRANSPARENCY!!! People need to know what the hell is going on in DC without being legal experts themselves!

You may ALWAYS cast a provisional ballot!

I have recently realized an issue of concern regarding our electoral process... some people have realized that many minorities who are legal citizens of the country and should be allowed to vote aren't being allowed to vote because they lack ID that is accepted at the time of voting.

I can only speak for my own home state, where I am a (very low level) elections official.

At my polling place, anyone who is challenged for any reason will still be placing a provisional ballot. I will see to it personally, and I will take whatever steps are necessary to make sure those provisional ballots are properly checked and counted.

Sign up with your local elections board & be a part of the solution.

"Oh Thufir, I see they've installed your heart plug already.... Don't be angry. Everyone gets one here." --Baron Harkonnen

Absentee Ballots

Ok, since everyone is missing this point:

You don't have to show up at the polls to vote, you can send in an absentee ballot. This is why fake registrations are a problem- you register a fake identity and vote by absentee ballot- no ID to check, no way to verify the person is real once they passed registration.

Voter registration is simply a method to keep the poor & minority populations from being able to vote. (disclaimer- I am a rich white guy)

All that SHOULD be required to vote is:

A) A state/federal ID/driver's license

OR

B) A notorized copy of your birth certificate (or citizenship papers).

AND

C) Your fingerprint.

Ya ya people ineligible to vote can still get ID's, but those can be checked & the votes they cast thrown out. Yes people can find ways to fake documents as well, this is why I propose the fingerprint. This simple method will ensure that no ONE person can cast more than one vote. Eligibility can be determined from the ID/paperwork provided.

Notice I don't include registration- it just isn't needed. Registration was a method that was used to simplify and speed up the process of making sure a voter is legally allowed to cast a ballot. With the technology we have now we just don't need registration.

Cheap, simple, effective. But I guess that's why we don't do it.

Re:"E-Voting Machine Security" like "Microsoft Wor

[dgatwood]

That logic doesn't make sense. When you have multiple people doing the counting, the humans may make errors, but those are going to be relatively small, occasional errors of being off-by-one, not significant "drop every third Democrat ballot on the floor" mistakes. Those sorts of slight errors tend to cancel each other out on the average. With computers, it is trivial for a tiny change to skew the election arbitrarily far. I'd rather trust a machine if I had any faith in the software on that machine. However, unless I and thousands of other volunteers can see the source code and study it, I can't trust the software on that machine.

Software for something this critical needs to A. have an audit trail that is verifiable after the fact (at minimum, a complete paper ballot backup so that districts can be randomly spot checked to ensure that software bugs and/or intentional manipulation of votes do not go unnoticed); B. be subject to full public scrutiny of the executing code to ensure that it is above board (just as the counting process with physical ballots is subject to, at a minimum, scrutiny by representatives of all candidates); and C. have physical security that is at least as secure as the voting boxes used in physical ballot elections. If any of these is not the case (and currently, none of these are the case), then the electronic systems are inherently less trustworthy. Much less trustworthy, in fact. Not even in the running.

Re:"E-Voting Machine Security" like "Microsoft Wor

[dgatwood]

Because the people counting the paper ballot are implicitly trustworthy?

When you have vote counters on both sides monitoring every single vote counted, yes, the people counting the paper ballots are about as trustworthy as you can reasonably get. Perfect, no, but certainly not likely to be very far off.

For that matter, can you trust people to vote intelligently?

You're either for democracy or you're against it. There's no middle ground here where it is acceptable to say that a sham election is acceptable merely because the people can't be trusted to vote the right way.... If you believe that, then you are effectively appointing yourself (or whoever runs the elections) to be the de facto King, and that's not a democracy anymore.

Re:"E-Voting Machine Security" ...

[mi]

the humans may make errors, but those are going to be relatively small, occasional errors of being off-by-one, not significant "drop every third Democrat ballot on the floor" mistakes

No, not every third Democrat. More like: Drop all Republicans on the floor:

One ballot was a straight Democratic "punch 10," and the precinct captain ran it through the counting machine 198 times. In order to avoid suspicion, he also ran a ballot containing some Republican votes through the machine six times.[44] All of the votes in that precinct were fraudulent except for those two original ballots.

If it weren't for the machine, the same asshole would've just recorded 198 pro-Democrat votes... It does not matter, whether it is machines, or purely human labor — significant anti-fraud measures are needed in any case.

Re:No problem, just put a disclaimer on the machin

or could they just put "Beta" on it?

Re:"E-Voting Machine Security" like "Microsoft Wor

[hobbit]

And who md5sums the md5sum?

Re:"E-Voting Machine Security" like "Microsoft Wor

[pclminion]

If you believe that, then you are effectively appointing yourself (or whoever runs the elections) to be the de facto King, and that's not a democracy anymore.

Voting intelligently doesn't mean voting for the "right candidate." It means having some rational basis for your vote. Suppose somebody votes by flipping a coin. This is not a meaningful contribution to the system. Votes should express real opinions hopefully based on real facts. Instead we have people who vote based on emotional impressions or single issues. They have the right to do this, but it's not helping to make the government a better representation of what people really need from their leaders.

Executive summary point VIII:

[Alsee]

The AVC Advantage is too insecure to use in New Jersey.

So ship them to Ohio and Florida.

-

Re:"E-Voting Machine Security" ...

[dgatwood]

No, not every third Democrat. More like: Drop all Republicans on the floor:

So on the one hand, you have Democrat supporters supposedly registering bogus voters. On the other hand, you have the Republicans creating challenge lists and preventing people from voting. They're all dirty. The whole lot. I think we need about eight rounds of consistently anti-incumbent voting to straighten out the train wreck of a Congress and state legislatures that we have going these days, which of course won't happen thanks to all the gerrymandering....

That said, verifiable voter rolls is a much harder problem than a verifiable voting system; it's an orthogonal problem....

Re:So what?

[michaelmuffin]

True, the significance of one vote is not much when there are many voters but it's pretty obvious how the ammount of power one vote wields goes up when the amount of voters goes down.

it doesn't matter who you vote for when you have only two viable choices who have the exact same policies as each other and indeed the same policies as the current administration

Re:So what?

[michaelmuffin]

NOTE TO MODS:
-1 offtopic != -1 i'm too lazy to read such a long post

Re:"E-Voting Machine Security" ...

[mi]

On the other hand, you have the Republicans creating challenge lists and preventing people from voting. They're all dirty.

Sorry, the two activities do not equate. At all. "Challenge lists" don't necessarily prevent people, who are eligible to vote, from voting. Challenging Mickey Mice is not dirty at all.

Comparing that with the flat-out replacing legitimate votes with your own is silly — that practice is far dirtier even if some legitimate voter does get challenged by the other side to prove eligibility. The challenge is no less legitimate, than the requirement to show an ID when buying alcohol or tobacco.

But that's all new topic — the original one was that neither machines nor humans can be automatically trusted to count the votes.

Re:"E-Voting Machine Security" like "Microsoft Wor

[jafac]

It's not even as SIMPLE as coming up with a completely trustworthy machine.

Next, you'd have to trust ALL of the people who come into contact with or operate the machines.

(congratulations: you just lost the game!)