Diebold Election Audit Logs Defective

mtrachtenberg writes "Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'"

Fraud

[Hatta]

Ok, so when do we get to throw Diebold exec in jail for election tampering already?

Re:Fraud

[Mr.+Underbridge]

Ok, so when do we get to throw Diebold exec in jail for election tampering already?

When you can prove intent.

Or, put another way, "Never ascribe to malice, that which can be explained by incompetence." --N. Bonaparte

Re:Fraud

[Frosty+Piss]

Ok, so when do we get to throw Diebold exec in jail for election tampering already?

The better question might be when will Diebold ask for a stimulous bail-out?

Re:Fraud

[DrLang21]

The only problem with this is that our government solicited for this product. As far as anyone can tell, Diebold met the quality control and traceability standards that were put in place by the US government for this type of device, which is to say THERE WERE NONE. It was unethical for Diebold to put out the product that they did, but that's not to say that it was illegal or treasonous.

Re:Fraud

[Volante3192]

Gambling machine standards. ATM standards.

Why couldn't they just copy/paste those? It's pretty much a guarentee those are as close to bulletproof as we can make hardware. (I'd personally lean towards the video poker standards, somehow I think those are more rigorously designed than ATMs)

Re:Fraud

[roman_mir]

the same time you throw your politicians who sold you out to corporations to jail or shoot them and make them pay for the bullets.

Re:Fraud

[DrLang21]

now, this company makes cash machines and from what I understand, they are exact to the penny. and thousands more people use these (per day!) than the once-every-few-years cycle of voting.

Except that Diebold didn't make these machines. Premier Election Systems made them, and then was bought up by Diebold. It was certainly negligent and a very poor choice by Diebold who probably just saw the dollar signs with HAVA. If Diebold really conspired to get Republicans into office via election fraud, making GEMS nothing more than a glorified MS Access database was a really dumb way to do it, since Democrats could just as easily make use of the security holes. If you locked up every government official that "bought off" on this, you would need to lock up every official that voted for HAVA.

analogy time (no cars): if I see you are an artist and have painted amazingly accurate portraits of people and I hire you to paint one of me - and you give me a POS and say 'this is the best I can do' - you should be able to sue them since they have established a standard of quality they CAN meet and yet chose not to on a certain occasion.

Except that you can't unless you have some contract that allows you to not pay them until you like the output. Which by the way, the US Government didn't approve the Diebold machines for use until they were approved by the US Government.

Was there conspiracy? Maybe, it certainly looks suspicious. But it looks a lot more like bad negligence on the part of everyone involved.

Re:Fraud

[Chelloveck]

Or, put another way, "Never ascribe to malice, that which can be explained by incompetence." --N. Bonaparte

I generally agree with that statement, but I'm really having a hard time figuring out how anyone could be that incompetent. What does a voting machine need to do? Count ballots, and keep a record of the count. That's about it. Oh, sure, you put a nice GUI and a touch screen on it, but at its core you're simply doing "candidate++; write_log(candidate);" over and over again. And the numbers you're counting aren't even that big, relatively speaking. They're certainly not going to overflow a 32-bit integer, so you don't have to worry about roll-over.

How can anyone be incompetent enough to screw that up? That's truly creative incompetence.

Re:Fraud

[Jurily]

We should change the laws to hold devices used in state and federal elections to similar or same standards as life-critical medical devices.

They are life-critical. Just ask Saddam.

Re:Fraud

[eggnoglatte]

In both ATMs and gambling machines, the operator is a trusted entity. In voting he is not. Big difference.

Re:Fraud

[Mister+Whirly]

I have made applications myself using VB commands and an MS Access database that was far less bug prone than the GEMS software. Bad programming is bad programming no matter what the front or back ends are.

Re:Fraud

[Volante3192]

So the user behind that video poker machine is considered trusted?

How do you possibly figure that?

Re:Fraud

[Dewin]

The owner of an ATM generally trusts whoever is in charge of maintaining it (usually an employee or a contractor), and assumes that they won't tell the machine it has $5 bills when it really has $20s and output 4 times as much money as it should and that the maintainer won't tamper with it to try to alter the records of how much money was withdrawn so they can pocket the difference.

The owner of the bank account also trusts the ATM to not take more money than it says its taken, and to take it from the correct account. Also worth noting, ATMs do have a verified paper trail (there's a receipt at the end of the transaction.)

Of course, ATMs aren't infallible either -- I had one crash in the middle of a withdraw once -- deducting $60 from an account without actually giving me the money. The second attempt actually ended up overdrafting my account, but the bank fixed it. :)

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:allowed???

[JCSoRocks]

This entire situation is insane. My company's software isn't perfect but we can handle hundreds of thousands of transactions without missing one. I don't understand how you can fail so miserably at something as simple as electronic voting. The post below about it being based on an Access database melts my brain.

Re:allowed???

[Spacepup]

The difference is that with a paper ballot system, there is an accurate paper trail. You can't just toss out an entire block of ballots without someone finding them in the trash with a paper ballot system. But, it appears that exactly that can happen with the diebold systems.

Diebold may not be maliciously trying to tamper with elections. They have just made it exceptionally easy to tamper with elections. They should not be trusted.

The real problem

[WindBourne]

Ou banking system makes heavy use of Diebold. One of two things is happening.

1. Diebold is inept and we have mass issues in our banking systems.
2. Diebold has PURPOSELY done this.

I have not seen a single issue in my accounts due to ATMs.

Re:The real problem

[Vandilizer]

1. Diebold is inept and we have mass issues in our banking systems.

Just a quick replay to your first point.

WE DO HAVE A MASSIVE ISSUE WITH OUT BANKING SYSTEM.

where have you been the past year? Canada :)

Re:allowed???

[girlintraining]

There is an *allowed* number??

In any organic process, there will be a systemic error rate. These are people we're dealing with, not machines. People get confused, they make mistakes, they get angry and other people allow those mistakes to stand, sometimes they do the right thing for the wrong reasons or the wrong thing for the right reasons. Voting is a right, but nobody ever said it's done right. That said, the goal is to make that error rate less over time, to make continuous improvements in voter education, in process control, and in effective auditing, all the while knowing that perfection is a direction not a goal.

The problem as presented here is that the error rate grossly exceeds what previous methods had, and that this is attributable to systemic flaws, rather than the inherently higher initial error rate that would be present in the early use of any new system.

Why Authentication is a good idea!

[Zymergy]

I was very surprised this past election when I attempted to show my State Issued Photo ID card (Driver's License) and Social Security Card to prove who I was in order to vote.
The very polite woman looked away and told me that she CANNOT look at my ID Cards because of laws/rules.
She simply verbally asked for my name from a list of registered voters in my district, I signed my name on the blank beside my computer printed name and was handed my ballot.
Scratching my head, I went into the both and voted. Next I returned my paper ballot card to a large scanning device and inserted it and that was 'voting' for 2008.

What troubles me is that there was almost ZERO authentication! All I needed, was a name and to show up where that name would be likely registered and I could vote fraudulently.
I get more authentication getting gas with mt debit card at 7-11!
I realized that this must be ON PURPOSE. But why? All I can conclude after much though is to allow fraud.
->We already have a perfected system that nearly everyone already knows how to use! They are called Credit Cards!

Why can Mastercard/Visa reliably authenticate BILLIONS of unique transactions with very little error and an audit trail and Diebold cannot?
I believe that when the US has another election, we should be issued Visa/Mastercard Debit cards with our pictures on them linking to a database of our eligibility to vote in US elections.
We use the same credit card/ debit card devices that are used all over which are tied to a computer touch screen, and we "purchase" a list of candidates (just like building a PC at NewEgg..) and then "purchase".
Now I have a printed receipt that instantly confirms my choices and selections after the transaction. If I made any mistake, I will need to immediately take that receipt to the person conducting the elections with my photo ID debit card for voting, and they will assist me in correcting the errors and I will need to electronically sign a form and will be issues a correction receipt with my previous incorrect choices credited to my "account" and the my new correct selections "purchases" on the new receipt.
of course, I will be able to later look this up online to verify my paper receipt matches the online database of my "votes" (purchases).

Why reinvent the wheel? Mastercard/Visa have over 30 year experience conducting authenticated transactions and their fee is typically less than 3%.
The Sause is not in the touch screens or their audit logs, it is in AUTHENTICATION and being able to reliable VERIFY your selections got registered as your choices.
(Of course I will later expect a statement via the US Mail (built in fraud protection laws) that will exactly match my printed receipt obtained at the time of my voting...)

People don't care any more

[pembo13]

Most people will feel that the candidate they wanted won, so the machines must be okay. Most will never consider the possibility that their candidate wasn't supposed to win. Or won despite having the machines against him. And the losing side had already picked scapegoats before the election so the don't need to worry about the machines.

Too bad, so sad

[spun]

I know it must be hard for you to bear, having a responsible centrist president. But fortunately THESE election results were valid, unlike your Mr. Chimp's first election by judge. It shows your real character, that winning is more important to you than democracy. So I don't feel too sorry for you. In fact, I'm glad the Republicans have become the marginalized party of the deep south, religious fanatics, and wingnuts everywhere. Please, please run Palin for president! That would guarantee another four years of Obama. Seriously, you guys just need to form a new conservative party. Your current one is deceased.

All in favor of....

[BountyX]

Open Source voiting (software and hardware), with code in public domain and some verification systems in place.

hahaha clear "messages" ....

[unity100]

as if any message that had been sent to any parties in the preceding 50 years accomplished anything ...

you still have madoffs, cheneys, that rotten republican appointed DOJ woman that screened FIFTY applicants in regard to their views on abortion, bush, freedom of speech etc BY MISTAKE (she says so) by using special software specifically built for that task, nixon, well. you keep counting.

'clear message' hahahaa. clear messages do not work. VIGILANCE does. you, as citizen, have to be always vigilant and in defense of your rights and your liberties'.

Re:allowed???

[AK+Marc]

The difference is that with a paper ballot system, there is an accurate paper trail.

In Chicago, the Democrats would have a pre-printed set of ballots already filled out to go back in with the others. They'd make sure that dead people voted and such to get the numbers close enough that people wouldn't lose too much faith in the system. Or the Republicans in the south that would use poll taxes after they were illegal, block access, change polling places so that people couldn't vote. In both cases, no amount of recounts will get you the accurate number. The paper doesn't match the people's will. So, you are assuming that a paper trail is "accurate" when even if everyone that wanted to vote did, and the ballots weren't tampered with, there is still controversy. Is it a dimpled chad? Pregnant? Hanging? Paper can be better or worse than electronic voting, and electronic voting can have a paper trail as well. So to claim one is superior means to me that the person making the statement is comparing the best theoretical implementation of one with the worst of the other. To compare a "proper" implementation of each would result in a near-tie, well withing the current allowed error rates. It's just that it's easier to screw up the electronic version (well, not even that, but that the lowest bidder for an electronic system will put out crap, and the lowest bidder for a paper system can't do that bad unless they serve it all on flash paper and you use candle light to read the ballots).

Re:Minnesota Anyone?

[Ironica]

Considering that still, several months later, the State of Minnesota is recounting paper Senate ballots over and over, is this REALLY that bad of an option?

You mean, it's better to have an electronic system arbitrarily choose a candidate quickly, than a paper system slowly choose a candidate based on actual votes?

Re:can we at the very least sue them

[davester666]

The last sentence in the summary seems to blame the testing of the provided system for not detecting that the system is defective. So, it's the customer's fault that a defective system was used, not the vendor's.

Re:How hard can it be?

[gclef]

Too many moving parts. If any one part of the chain there fails during testing (which really only happens in the couple weeks before the election), then that box is unusable, which means there's going to be a *lot* of unusable machines in any given election. Also, any system has to be able to be verified that it's working properly by ANYONE...because that's who you're going to get as volunteers. IT-comfortable folks are thin on the ground as election volunteers.

I volunteered as an election judge this past November, and that was one thing I took away from the experience: Election offices are not IT shops, and are just not set up to anticipate all the failures that will occur with IT gear. For example, we had tons of problems with the UPS' they were sending out to each voting site. As an IT person, you'd expect a fairly high rate of UPS failure after 2 years...they hadn't anticipated that at all.

Re:Not ***ADEQUATELY*** explained by incompetence

[Stephen+Samuel]

Code has been found in the diebold system that has no reasonable explanation for its existence other than the rigging of elections.

In any event, this stuff is not a case of the system messing up randomly or just working badly. Diebold has marketed their system as being capable of producing secure, accurate election results, and is nowhere near that level of competence.

Given the brutal simplicity of what is required, I see no reason why they shouldn't be held to the same level of responsibility as someone who is making a heart monitor, or even an electronic slot machine.

An, yes, you're right. You're not an apologist for anybody, you're an apologist for someone very, very specific -- Diebold.