Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source Program Reveals Diebold Bug

Posted by timothy on from the rabble-rousin'-ne'er-do-well dept.

Mitch Trachtenberg writes "Ballot Browser, an open source Python program developed by Mitch Trachtenberg (yours truly) as part of the all-volunteer Humboldt County Election Transparency Project, was instrumental in revealing that Diebold counting software had dropped 197 ballots from Humboldt County, California's official election results. Despite a top-to-bottom review by the California Secretary of State's office, it appears that Diebold had not informed that office of the four-year-old bug. The Transparency Project has sites at humetp.org and http://www.humtp.com." Trachtenberg also points to his blog for the Transparency Project, and his own essay about the discovery and the process that led to it.

44 of 175 comments (clear)

  1. First Post by Anonymous Coward · · Score: 5, Funny

    Hey, Trachtenberg do you have a sister? And was she somehow the key to all of this?

    1. Re:First Post by cathector · · Score: 3, Informative

      on the off chance you're actually after an answer to the question in your .sig, the reason is that irregular forms such as -en simply die out when a generation of speakers rarely hears and uses the past-tense of a particular word, and so when it finally comes time for an individual to use the past-tense and they've never heard it, they just apply the regular rule of adding -ed. so a corollary would be that the past-tense of "prove" is being used less frequently than it was in previous times.

      words and rules by steven pinker is an entire book about irregular verbs, and i believe has a sentence or two about proven/proved. he definitely has many paragraphs, possibly a chapter, on the -en / -ed deal. he also talks a bit about why irregular forms persist over time. he also has some serious pedantic axes to grind.

  2. Is Hanlon's Razor sharp enough to cut this? by sapphire+wyvern · · Score: 5, Interesting

    It's usually correct to not blame on malice what can be explained by incompetence. But I do find it hard to understand how a seemingly-simple requirement (essentially, count the number of times a button has been pressed) can be so badly botched by a company whose other "secure terminal" products (eg, ATMs) seem trustworthy and reliable, without the implication of a sinister motive.

    1. Re:Is Hanlon's Razor sharp enough to cut this? by shaitand · · Score: 5, Insightful

      Someone with 30 minutes of quickbasic experience can write an application that accurately counts button presses.

      The fact that we are being asked to swallow this is disgusting.

    2. Re:Is Hanlon's Razor sharp enough to cut this? by eebra82 · · Score: 4, Insightful

      It's usually correct to not blame on malice what can be explained by incompetence. But I do find it hard to understand how a seemingly-simple requirement (essentially, count the number of times a button has been pressed) can be so badly botched by a company whose other "secure terminal" products (eg, ATMs) seem trustworthy and reliable, without the implication of a sinister motive.

      That's because money is heavily monitored and tracked wherever it goes. Votes are registered and received, but not monitored and traced on two ends.

      --
      Full Tilt
    3. Re:Is Hanlon's Razor sharp enough to cut this? by Benfea · · Score: 3, Interesting

      I am also a believer in Hanlon's Razor. In fact, I I'll stick with Hanlon on this one and disagree with you.

      When the owner of Diebold boldly promised to "deliver" Ohio to the Republicans (was it in 2004?), I'm pretty sure he was talking about how easy his product is to hack, not about bugs in the software (intentional bugs or otherwise). There is strong circumstantial evidence that Diebold has been involved in intentionally changing the results of elections, but I don't think this particular counting mishap is further evidence of that; I think it's just shoddily-written software.

    4. Re:Is Hanlon's Razor sharp enough to cut this? by Anonymous Coward · · Score: 5, Insightful

      Don't be a retard. No one with 30 minutes of Quickbasic experience can write an application scanning paper ballots and perform optical recognition on them with any degree of accuracy.

    5. Re:Is Hanlon's Razor sharp enough to cut this? by theaveng · · Score: 4, Informative

      If you read the article, they were Not pressing buttons. This was a paper-and-pen method followed by a scanning machine. The scanning machine was dropping ballots for some unknown reason.

      --
      FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
    6. Re:Is Hanlon's Razor sharp enough to cut this? by kvezach · · Score: 3, Insightful

      If anything is simple enough for formal verification to work, yet important enough that formal verification should be used, surely voting machines must be it. Of course, if they're really doing this out of a sinister motive, then (to them) there's no point.

    7. Re:Is Hanlon's Razor sharp enough to cut this? by nabsltd · · Score: 4, Informative

      The point is that the machine failed at identifying the ballots, not just identifying votes.

      I can see that optical scanning might have issues, but then the counting machine needs to spit out the "bad" ballot into a different pile so that it can be manually checked. The machine failed to do this.

    8. Re:Is Hanlon's Razor sharp enough to cut this? by Elder+Lane+Hour · · Score: 2, Interesting

      All the more reason not to trust even a full blown QA team with our votes.

    9. Re:Is Hanlon's Razor sharp enough to cut this? by betterunixthanunix · · Score: 2, Interesting

      There are a few differences between ATMs and voting machines. First of all, ATMs are used daily, and if there was a bug in an ATM, it would be caught very quickly. Second of all, ATMs can be reflashed using the same connection that they use to contact the bank, so if a bug was found, it could be corrected very fast. Also, a bank has a HUGE financial incentive to test ATMs extensively before putting them in service, so it is unlikely that a bug would make it into the real world.

      In general, it is hard to reflash a voting machine when a bug is found. The states' have laws about modifying those machines, and require that a long certification process take place after the modification (which is not to say that the certification process is in any way useful). The only incentive to check the machines for accuracy is idealism about the voting process, which is great in theory but not really shared by the majority of society.

      I'm not defending the voting machine companies here. Malice is a stretch though; so is ignorance. I would blame it on tight schedules, poor internal engineering standards, and lack of initiative on the states' part to require useful certification. What probably happened was a small team was told to put their ATM project on hold for as short a period of time as possible to develop a voting machine, and their manager got uppity and tried to get them to finish even faster.

      --
      Palm trees and 8
    10. Re:Is Hanlon's Razor sharp enough to cut this? by Elder+Lane+Hour · · Score: 4, Interesting

      The fact that we are being asked to swallow this is disgusting.

      The fact that we're being asked to swallow electronic voting is disgusting. Some things electronics simply don't do well, and one such thing is accountability. We should be demanding accountability. Not just in angry letters to congress-critters, but outside voting booths, to the people who mindlessly register their vote, without any real clue if their vote will count or not.

    11. Re:Is Hanlon's Razor sharp enough to cut this? by the+eric+conspiracy · · Score: 4, Informative

      The fact that we are being asked to swallow this is disgusting.

      Thats what my ex used to say.

    12. Re:Is Hanlon's Razor sharp enough to cut this? by SleepingWaterBear · · Score: 5, Insightful

      This is a bit of an overreaction. There's no reason that a properly designed electronic voting system can't achieve greater speed and accuracy while producing a paper trail which allows full accountability. Just have the machine produce a printout which the individual voter can verify, then in case of doubt you can always resort to a manual count. Ultimately electronic voting systems should save time and increase accuracy, and we're going to switch to them.

      The problem here is that the politicians have no idea what a properly designed electronic voting system looks like, and so they just leave it all up to Diebold and the like, who have no real incentive to do things right. What we really need here is a detailed set of specifications for how voting machines ought to perform, and laws that prevent machines which don't meet those specifications from being used in an election.

    13. Re:Is Hanlon's Razor sharp enough to cut this? by db32 · · Score: 4, Insightful

      Your right. They would say "that's a fucking stupid idea to scan ballots and use OCR to read them and then just rely on the machine when it promises that it got the answer right, at the very least we should be counting button presses".

      Do you hold your ATM pin number up to the screen waiting for it to be scanned or do you punch the buttons...

      --
      The only change I can believe in is what I find in my couch cushions.
    14. Re:Is Hanlon's Razor sharp enough to cut this? by Anonymous Coward · · Score: 2, Funny

      Yes, but someone with several years of python experience could do this in less than 30 minutes. Just type import ballot_counter Although in Py3K they've changed the name to ballotCounter, just so you know.

    15. Re:Is Hanlon's Razor sharp enough to cut this? by digitalunity · · Score: 2, Funny

      Mine too. After the OCR machine acknowledged my ballot was readable, they gave me a sticker that said "I voted".

      I asked him for a second one and walked around all next day with two "I voted" stickers on.

      Surprisingly, nobody asked me if I voted twice.

      --
      You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
    16. Re:Is Hanlon's Razor sharp enough to cut this? by scribblej · · Score: 4, Insightful

      I program banking systems for a living.

      It's cute that you think "electronics simply don't do [...] accountability." Believe me, I'd be out a job real fast if they didn't.

      The bottom line is, this was handled really, really poorly.

    17. Re:Is Hanlon's Razor sharp enough to cut this? by whoever57 · · Score: 4, Informative

      The point is that the machine failed at identifying the ballots, not just identifying votes.

      Not true. The machine counted the ballots and then later, the software deleted them along with any record that they ever existed.

      --
      The real "Libtards" are the Libertarians!
    18. Re:Is Hanlon's Razor sharp enough to cut this? by mrmeval · · Score: 4, Insightful

      That's shit. I'll take the ballot I handle and allow it to be scanned. If the count is suspect then the ballots exist outside of some computer generated fantasy and real humans can count them.

      --
      I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
    19. Re:Is Hanlon's Razor sharp enough to cut this? by HornWumpus · · Score: 2, Insightful

      Your union rep wants to see your voting receipt to make sure you voted 'correctly'!

      If that doesn't scare you imagine the same scenario with your boss doing the verification.

      You can't make the system 'voter auditable' without losing the secret ballot.

      Take your idea but don't print the verification number on the ballot. Store it in the voting machine then reconcile the machine records to the central databases at the end of the day as a check. Hackers would have to change multiple systems in synch to get away with steeling votes.

      Registration fraud still needs to be fixed.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    20. Re:Is Hanlon's Razor sharp enough to cut this? by SleepingWaterBear · · Score: 4, Interesting

      That's shit. I'll take the ballot I handle and allow it to be scanned. If the count is suspect then the ballots exist outside of some computer generated fantasy and real humans can count them.

      Well, that's why you have a printout which the voter verifies and essentially acts as your 'ballot'. Then you make sure that in the case of any remotely reasonable doubt you do a hand recount. I know I'm repeating myself, but your response suggests I wasn't clear enough.

    21. Re:Is Hanlon's Razor sharp enough to cut this? by User0x45 · · Score: 3, Informative

      Close, but just to be clear.

      > just have the machine produce a printout
      > which the individual voter can verify,
      > then in case of doubt you can always
      > resort to a manual count.

      The DRE interface is good to use in making selections in an election. A machine prints or punches or otherwise indicates the voters intent on a piece of paper (a paper ballot). The voter holds it, looks at it, and confirms it is a proper rendering of their vote. Then they take their paper ballot and walk away from the DRE. The DRE holds no more information than a stapler holds after having stapled documents together.

      The piece of paper (ballot) is carried over somewhere else and is OCR'd, or manually counted, or whatever. The DRE isn't a part of counting votes. Only the paper ballots, verified by the voter, are sources for counting results. We can machine count the ballots, hand count, whatever.

      DREs are great interface, and machines can print/punch out beautiful accurate paper ballots that are free from extraneous marks and outside the line marks etc. But once it is in the voters hand, and the voter looks and approves of it, the paper ballot is the only data source.

      Not 'voter verified paper trail receipts' it must be 'voter verified paper ballots'.

      --User0x45

    22. Re:Is Hanlon's Razor sharp enough to cut this? by shaitand · · Score: 2, Insightful

      'The fact that we're being asked to swallow electronic voting is disgusting. Some things electronics simply don't do well, and one such thing is accountability.'

      Paper and electronic systems are equally accountable. The solution is transparency and to combine the two. Count the votes electronically, in real time, on a large publically visible display with a serial number attached to the ballot. You watch your vote be added to the tally. Then you take the human readable, optically scannable printout, again with serial number on it and drop it into a seperate box that scans it and keeps a second tally.

      You have no proof of your serial number to show someone who wants to buy your vote. Both tallies must match. You watch your vote counted publically and if counted wrong then can raise issue right there. It doesn't matter that you have no proof you are n576898 because there will be a discrepency in the database record for n576898 and the human readable printout. And the pollsters can watch from start to finish to assure that the number of voters matches the number of votes.

    23. Re:Is Hanlon's Razor sharp enough to cut this? by hairyfeet · · Score: 2, Interesting

      I know this is weird, but I think the new machines we used this year in little small town AR finally got electronic voting right. I don't know who made them, but I doubt Diebold made anything that fool proof. It had a nice big, easy to read touchscreen and a big yes/no button by each candidate, which would then pop up a conformation box when you chose that said "You picked...is this your choice? If not please hit the blue cancel button". And finally when you confirmed a nice big, easy to read paper ballot was printed behind a clear glass slot next to the screen pointing up at you. This way you could simply look at the paper and see quite clearly it was putting down who/what you voted for. When you were finished voting the election volunteer used a small cartridge to collect the electronic vote and picked up your paper ballot and while the paper ballot was placed in a box in front of 3 officials the electronic one was set on the desk in front of the same until the next vote was cast.

      I have to say that this year they really seemed to have everything down to a science. Everything was fast, smooth and orderly, and finally what I thought was a really nice touch was what they did when someone was in the wrong place. While I was in line 2 of the folks ahead of me had not been switched over from their previous voting district, but instead of making them drive across town and hope they were on the other polling district rolls an election official would simply ask them to wait aside for a few minutes while he called the polling district in question and had them switched over to the new district. Both of those that were in the wrong place got to vote with only a 10 minute delay. Very efficient, very orderly and polite. considering the messes we had had in 2000 and 2004 with junky machines I was quite impressed how quickly and smoothly everything ran. I just wish all my interaction with the government was so smooth.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    24. Re:Is Hanlon's Razor sharp enough to cut this? by NotmyNick · · Score: 2, Insightful

      I program banking systems for a living.

      It's cute that you think "electronics simply don't do [...] accountability." Believe me, I'd be out a job real fast if they didn't.

      The bottom line is, this was handled really, really poorly

      Or really, really well...

      --
      Notmysig
    25. Re:Is Hanlon's Razor sharp enough to cut this? by scribblej · · Score: 2, Insightful

      I would have said the same thing to the person you are replying to, but since you did, let me play devil's advocate and say you're only right if the intent was to either facilitate voting, or subvert the system directly. If the goal was to destroy faith in the system, this is a pretty good job.

    26. Re:Is Hanlon's Razor sharp enough to cut this? by pbhj · · Score: 2, Interesting

      There is a key difference in Islam in the Imam's are the ultimate authority (or perhaps you could weasel it and say their interpretation of the Koran and Haddith is the ultimate?) whilst in a Christian church the ultimate authority is the word of God, especially as expressed in the Bible. Christianity is about personal faith, Islam is about a whole system for living.

      Thus Islam is a political system too, whilst Christianity is not.

      I think Judaism leans more towards the Islamic side with the rabbinic tradition.

      On a side note I'm interested to know which "church" you are referring to that believes in multiple gods? Hindus for example use a temple. Church is a specifically Christian word as it's etymology is of greek words for a "congregation of the Lord".

  3. DIEBOLD: We vote so you don't have to ... by Rockin'Robert · · Score: 5, Insightful

    Stalin told us: "It's not who votes. It's who counts the votes," but we NEVER listen to anybody - huh? (Not that I am a fan.)

  4. One area where open source will definitely win by Raleel · · Score: 5, Interesting

    In testing. You need to be able to verify the testing mechanism. Open Source will win there because of the ability to view and modify the code. Just verify that you are testing with the same stuff that you reviewed.

    --
    -- Who is the bigger fool? The fool or the fool who follows him? --
    1. Re:One area where open source will definitely win by Hal_Porter · · Score: 5, Funny

      In testing. You need to be able to verify the testing mechanism. Open Source will win there because of the ability to view and modify the code. Just verify that you are testing with the same stuff that you reviewed.

      Live Free or Diebold!

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    2. Re:One area where open source will definitely win by Anonymous Coward · · Score: 3, Funny

      Really? Jesus Christ! Thank fuck it wasn't in German then.

  5. 64,161 votes with 197 errors by zoomshorts · · Score: 2, Interesting

    Sounds like they used humans to count the vote in reality.

    A very small percentage. Still a concern.

    1. Re:64,161 votes with 197 errors by iammani · · Score: 2, Informative

      A very small percentage.

      ... Assuming that there were no further bugs.

    2. Re:64,161 votes with 197 errors by digitalunity · · Score: 2, Insightful

      Exactly. In a lot of places, jerrymandering has made individual votes less important because the winners often win by a large margin. This is true for both major parties.

      However, for statewide elections as evidenced in Minnesota recently, individual votes can have a HUGE impact. A +/- 200 error isn't good enough when the winner's margin is only 100 votes.

      --
      You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
  6. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  7. Kudo's by stabiesoft · · Score: 3, Insightful

    To this guy who took it upon himself to provide this check, and kudo's to the supervisor who made it possible. The idea of providing DVD image scans so anyone can verify the vote is genius. I hope other counties start providing real verification like this.

  8. What bothers me more by WindBourne · · Score: 3, Interesting

    is not that companies like Diebold would be corrupt. It is that BOTH dems and pubs have pushed NOT to have a paper trail. Basically, they claim to have our best interest at heart, and yet, we have the likes of Cheney, Rove, Libbey, Delay, Hastart, Stevens, Jefferson, Blogovitch, Daley (certainly original ) , possibly Jackson Jr, etc, etc, etc. Even now, some dems are pushing for NO punishment for Stevens and others are saying no investigations into all of W's admin hijinks. Makes you wonder who these ppl are really representing.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:What bothers me more by WindBourne · · Score: 2, Insightful

      Public servants CAN have all's best interest at heart. There are many. I would argue that most state politicians and most civil servants do in fact have just that. Feds are a different matter. They tend towards corruption. This is true everywhere. Heck, just look at EU. Watching the copyright/patent issues being pushed there. Many citizens object to America's INSANE IP policies, and their citizens are fighting them. But their federal politicians and employees are split. A number of their tactics have suggested that the changes have occured after at least 1 major company came in and pushed for software patents and copyrights. That was total corruption (just like here).

      --
      I prefer the "u" in honour as it seems to be missing these days.
  9. a pretty normal software bug .. :) by rs232 · · Score: 3, Interesting

    "it looks like a pretty normal software bug"

    maybe on your planet the ability to count up in single integer increments is considered too esoteric for the average QA team, but here it's something the average IT student can manage ..

    --
    davecb5620@gmail.com
  10. why not have dual voting programs? by kingduct · · Score: 3, Insightful

    I have read over and over about unreliable software counting votes. Why not have each vote be counted by two programs? It seems like it would be fairly trivial to have them share the same interface, but the actual methods of counting votes and securing themselves would be completely independent. They would be written by two sources (whether free or not) and then could be used to test each other (in addition of course to humans counting the paper trail the two would print out).

  11. you are talking rubbish .. by rs232 · · Score: 4, Insightful

    "There are a few differences between ATMs and voting machines. First of all, ATMs are used daily, and if there was a bug in an ATM, it would be caught very quickly. Second of all, ATMs can be reflashed using the same connection that they use to contact the bank"

    Firstly, voting machines should be subject to a full stress test before being deployed in a live election. Secondly ATMs can not be remotely 'reflashed', To upgrade required the replacement of the ATM module and the use of an external hand-held unit (plugged into the ATM) and the presence of two bank officials and the use of two unique PINS.

    --
    davecb5620@gmail.com
  12. Are you sure your vote counted? by whoever57 · · Score: 4, Interesting

    Mine too. After the OCR machine acknowledged my ballot was readable, they gave me a sticker that said "I voted".

    It may well have been readable, but the first articles I saw on this make it clear that being readable is not a guarantee of your vote actually being included in the result.

    The first articles make it clear that votes were counted and then, in some circumstances, From that article:

    The ballots even showed up in preliminary tallies counted on election night on November 4 and in a report printed out on November 23. But some time after this point, the tabulation software inexplicably deleted the ballots without election officials ever knowing.

    Still sure your vote counted?

    --
    The real "Libtards" are the Libertarians!