Hacker Exposes Parts of Florida's Voting Database

Dangerous_Minds writes "Some people feel that elections can be rigged and votes tampered with. One hacker, who goes by the name of Abhaxas, decided to prove that votes aren't secure by exposing parts of the Florida voting database. Said Abhaxas while posting the data, 'Who believes voting isn't tampered with?'"

Good job on behalf of the hacker

[Cito]

Hopefully this can help finally shed light on voting fraud to stuff the ballots in our election process. I've never been one for electronic voting as it's so much more easily tampered with. And only reason it's pushed so much is due to companies like diebold and the media who push so they can have up to the second voter tallies so they can sound like they are on top of everything when reporting.

It needs to go back to the old way, which wasn't perfect, but was hell of a lot better than electronic voting.

Re:Good job on behalf of the hacker

[Dragon+Bait]

As long as there isn't positive identification of voters at the voting booth, there will always be rampant fraud in some areas. Eliminate the hacker prone, but require state ID to vote.

Re:Good job on behalf of the hacker

[tripleevenfall]

Maybe we should re-evaluate the secret ballot. It would seem like fraud is always possible as long as ballots can't be linked one to one with a person. Even with paper ballots, someone can always steal or destroy or fill out fake ones.

Why not just go ahead and make it all verifiable?

When you show up to vote, they print a bar code off on two labels. One goes into the log book next to your name, the matching label goes on the ballot.

Re:Good job on behalf of the hacker

[damiangerous]

Why not just go ahead and make it all verifiable? Coercion. An employer or union boss can easily make sure their people vote the "right" way if they want to keep their jobs.

Re:Good job on behalf of the hacker

there was once a very good ted talk on voting process with a nice scheme to make it verifiable for the person that voted but not for anybody else.

Re:Good job on behalf of the hacker

In mexico we require ID and put some ink on the persons thumb. it's kinda hard to remove. no impossible by any means, but I'm sure someone could come up with something harder to remove, that would last for a few days.

Re:Good job on behalf of the hacker

I'm pretty sure we want to avoid modelling our system after mexico when it comes to election fraud. ;)

Re:Good job on behalf of the hacker

[tripleevenfall]

Verifiable != public

Re:Good job on behalf of the hacker

[Lennie]

Verifiable != public

You are funny. :-)

Someone will always have access to it.

Re:Good job on behalf of the hacker

Okay, so are you also going to ignore UV dye in your CS Spray just because a Mexican may also want to UV dye an attacker?

Or lemme guess, you don't carry CS because you are an indestructible American Ninja. Got it.

Re:Good job on behalf of the hacker

[Evets]

why exactly would this help? All ID requirements do is disenfranchise lower income voters. It has nothing to do with protecting vote data.

Re:Good job on behalf of the hacker

[tripleevenfall]

someone != everyone

Re:Good job on behalf of the hacker

I am on vacation in Nicaragua, they vote here by registering their cell phone number and calling in their vote, strangely enough the losers have a very difficult time getting contracts, especially if their business is linked to their phone.... secret votes are a good thing, but they need to be secure, thats the part we have gotten wrong.

Re:Good job on behalf of the hacker

[PopeRatzo]

This Ohio Republican representative got his license pulled because he was driving drunk. If the election was tomorrow he wouldn't be able to vote.

He's the sponsor of a bill to require photo ID in order to vote.

The sponsor of an Ohio bill which restricts access to the ballot box was arrested back in April on drunk driving charges while he had a 26-year-old woman in his car and Viagra in his system, according to police reports.

On April 23, an Indiana state trooper pulled Rep. Robert Mecklenborg over for a burned out headlight on a 2004 Lexus he was driving. After failing three separate field sobriety tests, Mecklenborg allegedly refused to take a breath test and was placed under arrest. A blood test later revealed that he had recently taken a Viagra.

Laws requiring photo ID to vote only exist to keep poor people from voting. Let's not bullshit, here. How did the United States last 235 years without requiring photo IDs to vote? How come we haven't had any scandals involving ineligible people voting despite the Bush Administration promising to make it a priority?

If you want to do voter fraud by having ineligible people voting, it takes a lot of hard work. If you want to do it using electronic voting machines, it's trivial. How can you suggest that until we have laws keeping poor people from voting we shouldn't get rid of electronic voting? It's like ignoring the hole in the bottom of the boat because you want to make sure your captain's hat is on straight.

Re:Good job on behalf of the hacker

[PopeRatzo]

someone != everyone

That statement was made obsolete with the Internet.

Re:Good job on behalf of the hacker

[Dachannien]

Verifiable != public

Some people feel that elections can be rigged and votes tampered with. One hacker, who goes by the name of Abhaxas, decided to prove that votes aren't secure by exposing parts of the Florida voting database. Said Abhaxas while posting the data, 'Who believes voting isn't tampered with?'

Re:Good job on behalf of the hacker

[mywhitewolf]

although i agree with "someone != everyone". I really like the implications of your statement.

Re:Good job on behalf of the hacker

[meerling]

shhh! There's no such thing as Ninjas. And if you don't quiet down they might hear you and come and kill us all in the night... :)

Re:Good job on behalf of the hacker

[ColdWetDog]

A blood test later revealed that he had recently taken a Viagra. Wow. Is that a non sequitur or what? Just what the hell are they screening for in Ohio?

Re:Good job on behalf of the hacker

[Jeremiah+Cornelius]

Individual voter fraud at the polls is hardly the main concern - and constitutes a red-herring.

It is the institutionalised, massively fraudulent manipulation of voting totals for which we ought to be concerned, not if Pedro got to vote, or if Tyrone votes twice.

Re:Good job on behalf of the hacker

[damiangerous]

Everyone is not you. A great many people are poor, unskilled, uneducated laborers and often immigrants. They're already easily abused by employers due to lack of knowledge of labor laws, lack of resources to do anything about it and/or fear of repercussions.

Re:Good job on behalf of the hacker

[PopeRatzo]

In Texas a Non-Driver Identification Card is $16 and expires in 6 years. If you are too poor to afford a car to bother taking/passing the driving test you can get just a regular ID.

You can go to senior citizen homes and not find a single photo ID among the residents. To get one, they'd have to get their birth certificate, which might require a trip to their home town if they were born before 1955.

Photo ID voter laws are only meant to keep poor people from voting. If you look through YouTube, you'll find Republicans admitting as much. Then there are the new residency requirements meant to keep students from voting.

This is not about the integrity of elections. Exactly the opposite in fact.

Re:Good job on behalf of the hacker

[Sulphur]

Why not just go ahead and make it all verifiable?
Coercion. An employer or union boss can easily make sure their people vote the "right" way if they want to keep their jobs.

Please don't fire me. I voted for him. I could not make my daddy vote for him. From the '30's.

Re:Good job on behalf of the hacker

[CapOblivious2010]

Also, lets say you live in a union town, but aren't particularly fond of unions or democrats so you vote republican. All your friends and neighbors and coworkers now know how you voted, and you end up being ostracized (or your tires mysteriously get slashed, or worse).

Same in the other direction, of course - I'm not taking a position on Democans vs Republicrats., just pointing out that the above sort of pressure could easily induce people to vote how they think their friends/neighbors/coworkers want them to vote, instead of how they really want to vote.

Re:Good job on behalf of the hacker

[CapOblivious2010]

Question: how do you know fraud isn't taking place, if you refuse to even collect evidence that might indicate whether or not it is taking place?

There have been any number of cases where the total vote count exceeds the number of registered voters in that district... What about those?

Re:Good job on behalf of the hacker

[Schadrach]

Explain this. Oh, also assume that those engaging in said vote coercion are going to sit you down and ask you to verify your vote in front of them, so they can see who you voted for exactly as you would. Also, that they do in fact hold your career in their hands, so failing to do so entirely will be very, very unpleasant.

You'd need a system in which you could "verify" that you voted for a specific party even if you didn't, and without it being possible for a third party watching the process to know whether you were showing your actual vote or your "boss friendly" vote.

Re:Good job on behalf of the hacker

[Sooner+Boomer]

Why not just go ahead and make it all verifiable?

How do you do this? How do you insure/verify that one person only votes once? And at the same time that you do this verification, you have to insure an anonymous vote. How? (really - no sarcasm - how do we do this?)

Re:Good job on behalf of the hacker

[The+Wild+Norseman]

A blood test later revealed that he had recently taken a Viagra.

Wow. Is that a non sequitur or what? Just what the hell are they screening for in Ohio?

Erection fraud?

Re:Good job on behalf of the hacker

[suppo]

I don't see the alleged relationship between requiring having a driver's license (or equivalent State ID for non-drivers) and disenfranchising anyone. State licenses are less than $20 and are valid for multiple years.

Re:Good job on behalf of the hacker

[suppo]

Wow, +4, Insightful. Easy to see how the Mods are coming down on this topic. Fact checks:

Everyone of your example's senior citizens is collecting Social Security, which has very strict requirements for identification. You can bet that either the senior citizen or one of their children has identification available.

Although clichéd it's still true that dead people do vote in Chicago. So Photo ID voter laws are not only meant to keep poor people from voting.

(And if you look through YouTube enough, you'll find just about anything you want.)

Re:Good job on behalf of the hacker

[berzerke]

...require state ID to vote.

Having worked as an election clerk in more than one election, I can tell you that we are supposed to verify the ID (at least in Texas), but the voter registration card (no picture) is enough. Many do use their driver's license though. Personally, based on what I've seen, the weakness isn't the ID, it's the registration process. I've had people I honestly didn't believe were US citizens, one even admitted it to me, but as they were on the poll records, legally I had to let them vote. I've also seen voters that would fail the "You must be smarter than a rock" IQ test.

Re:Good job on behalf of the hacker

[Jah-Wren+Ryel]

In mexico we require ID and put some ink on the persons thumb. it's kinda hard to remove. no impossible by any means, but I'm sure someone could come up with something harder to remove, that would last for a few days.

Skip the ID part and you've still covered 99% of whatever problem actually exists. One man, one vote after all.

Re:Good job on behalf of the hacker

[lostthoughts54]

doesn't someone already have access to pretty much all your info? Shoot you could look at google searches and determine who someone voted for(for most households, with internet of course). I for one would love a way for me to verify that my vote was cast how i voted.
You could also have something like the way voting takes place for the verification. You are the only one allowed in the booth while this is checked. If they can discover with that, well they can just monitor you voting in the first place.

Re:Good job on behalf of the hacker

[anorlunda]

Everyone of your example's senior citizens is collecting Social Security, which has very strict requirements for identification.

What the hell are you talking about? I'm a senior collecting SS. I applied online and was then interviewed by phone. No scrap of ID was ever requested. I have a drop box snail mail address. I never needed to appear in person. All I needed was a SSN and an account for deposits.

Re:Good job on behalf of the hacker

[KDR_11k]

How do you prove that nobody stuffed fake ballots into the box though? That identifies a person as a voter but not a ballot as cast by a new person.

Re:Good job on behalf of the hacker

[CapOblivious2010]

Well of course you can't find any instances of voter fraud where a photo ID would help - because no one collects information on such things. Suppose I know of someone who is registered to vote, but unlikely to actually do so. I can go and vote in his place, and not only is there no mechanism to stop me at the time, or catch me after the fact, there's not even a way to determine that it's happened at all! This is the "not collecting evidence" I'm talking about. You're like a blind man wondering what all the fuss is about this "vision" thing - clearly it's not important, because you've never seen anything!

BTW, I agree completely about the "behind the ballot box" problems - they're completely unrelated, and probably more severe. If we were somehow limited to only fixing one side of the system, I'd say fix the behind the scenes aspects - like by getting rid of electronic voting. But we're not limited - we can fix (or at least improve) all sides.

P.S. As for photo IDs, I'd be just as happy with other solutions - the "indelible ink on your finger" is almost as good (if I can vote as you but then can't vote as me, then it's not really going to change the totals). I know it's fun to think that the photo ID requirement is part of a racist GOP conspiracy, but most people in favor of it are just trying to improve the system.

Re:Good job on behalf of the hacker

[ThurstonMoore]

Where I live (somewhere, USA), I have received marijuana, alcohol and money for my vote.

Re:Good job on behalf of the hacker

[BancBoy]

And from your secrecy, it sounds like you want to keep your cushy little situation going, without a mad rush of slashdotters coming to score all that weed, booze and cash.

Way to go, Mr. Selfish!

Re:Good job on behalf of the hacker

[KyderdogDan]

You know it might be time to move in that case. Nothing you vote for is EVER going to pass.

Re:Good job on behalf of the hacker

[houghi]

Laws requiring photo ID to vote only exist to keep poor people from voting.

Then all Belgians must be rich.
Voting is not an option in Belgium, it is a must. Also people must identify themselves with their ID that they must have with them at all times, not just for voting.

OK, appearing to vote is a must, not the voting itself as they could select nobody.

That said, there is e-voting here as well and it STILL is a stoopid idea. What should happen, at least in Belgium, is people show up, get their ID checked and then get 1 paper wich they take into the voting boot and then drop in the box.

The electronic part of the card is open source and can be read by anybody with a reader that can work with Windows, Mac and Linux or any other OS if you write the software. http://eid.belgium.be/nl/ in Dutch and French. Some code at http://code.google.com/p/eid-mw/

Re:Good job on behalf of the hacker

[ThurstonMoore]

I was much younger when I did this. It is not something I am proud of or would do again. I just wanted to give an example that election fraud does happen.

Re:Good job on behalf of the hacker

[AmiMoJo]

Worryingly we allow that in the UK. If you go to the polling station your vote is secret, but if you have a postal vote... A husband could easily demand his wife has a postal ballot and then make sure she voted the right way. It is illegal of course but so is a lot of much worse stuff that goes on in the home.

Re:Good job on behalf of the hacker

[JaiWing]

As long as there isn't positive identification of voters at the voting booth, there will always be rampant fraud in some areas. Eliminate the hacker prone, but require state ID to vote.

unless that State ID is free... you have a voter tax. and that is already been declared illegal. (Jim Crow laws and all)

Re:Good job on behalf of the hacker

[PopeRatzo]

Then all Belgians must be rich.

Things that are done in one country are not always done for the same reasons they are done in another country.

For example: Gun ownership in US vs gun ownership in Switzerland.

We agree that e-voting is a terrible idea. The best solution would be to have the government provide every American with a national identification card. Unfortunately, this would just send the Fox News crowd further over the edge and we'd see Republican congressmen burning their bras in the chamber of the House of Representatives in a show of support.

The best way to vote, in my opinion, is in very local polling places, in person, where each region covers only the size of a few blocks. In rural areas, the voting regions should be no more than 100 families. Counted by people, by hand. Voting should take place over a long weekend, a holiday, where votes can be case in any of the three days.

Voting should be mandatory. Where it's a hardship it should be done by absentee ballot. All mentally competent citizens should be required to vote or face a $100 fine.

Re:Good job on behalf of the hacker

[suppo]

Ah, I see. Someone is a "privileged asshole" if they can afford $20 to get a driver's license or State ID card. That's quite a leap of logic on your part, AC.

Re:Good job on behalf of the hacker

[suppo]

You were already known by SS. From the SS website:

Documents You May Need to Provide
        We may need to see certain documents in order to pay benefits. A list of documents we need to see will appear at the end of the application, along with instructions on where to submit them. The documents we may ask for are:

        your original birth certificate or other proof of birth [more info] (You may also submit a copy of your birth certificate certified by the issuing agency).;
        your original citizenship or naturalization papers [more info];
        a copy of your U.S. military service paper(s) (e.g., DD-214 - Certificate of Release or Discharge from Active Duty) if you had military service before 1968; [more info]; and
        a copy of your W-2 form(s) [more info] and/or self-employment tax return [more info] for last year.

Note: If our records show that documents proving age or citizenship/naturalization have already been submitted for an earlier Medicare or Social Security claim (such as Disability, Supplemental Security Income, etc.), you do not need to submit the documents again.
http://www.socialsecurity.gov/info/isba/retirement/firstpartyrib.htm

Re:Good job on behalf of the hacker

[suppo]

Note I wrote nothing about SS needing PHOTO identification.

As for your snarky comment about Bachmann, ad hominem attacks are just a last resort used by the side that lacks logic.

Re:Good job on behalf of the hacker

[LanMan04]

A blood test later revealed that he had recently taken a Viagra.

Wow. Is that a non sequitur or what? Just what the hell are they screening for in Ohio?

Erection fraud?

Nah, they only have erection fraud in China.

Re:Good job on behalf of the hacker

[nbauman]

Yeah, but look at the documentation you need to get a Texas a Non-Driver Identification Card. http://www.txdps.state.tx.us/DriverLicense/identificationrequirements.htm

Primary identification
Must include full name, date of birth, and photo

You need a *driver's license* to get a non-driver's ID. Either that or a current passport or military ID, or non-citizen IDs.

I couldn't get this non-driver's ID in Texas without using my current driver's license. I don't even have a current passport (which cost over $100). To get a passport, I needed -- a driver's license.

This is like the "turtles all the way down" joke.

None of this (except the passwords)...

[John+Hasler]

...should be secret anyway. The only part of an election that should be secret is how each individual voted.

Re:None of this (except the passwords)...

[buchner.johannes]

How is this leak related to the poll? Its just the poll workers -- a separate system from the voting machines -- so how does this affect voting security at all?

Of course I agree that voting must be secret, integer, valid, transparent, accurate and reliable. Better use paper there, to allow independent verification.

Re:None of this (except the passwords)...

[camperdave]

Why do you need a machine to vote? Why not just pencil in an X next to the candidate's name like they do in other countries?

Re:None of this (except the passwords)...

[Jstlook]

Oh .. "5","whatever","adavis"

Re:None of this (except the passwords)...

[compro01]

Why do you need a machine to vote? Why not just pencil in an X next to the candidate's name like they do in other countries?

How is anyone supposed to profit from that kind of scheme?

Re:None of this (except the passwords)...

[jc42]

Why not just pencil in an X next to the candidate's name like they do in other countries?

Because that wouldn't produce income for the top people in the companies that make the electronic voting equipment. And, of course, those are people who have contributed to the re-election campaigns of the legislators who have promised to push electronic voting.

Also, it's pretty well understood that secret, verifiable elections aren't exactly popular with "incumbent" legislators.

Here in the US, we had that amusing case a couple of elections ago, where the CEO of Diebold (one of the main makers of electronic voting equipment) promised the Republicans in Ohio in writing that he would deliver Ohio to the Republicans in the next election. He delivered, too.

Actually, I think the best comment on this issue was this story. (For the benefit of the whoosh-impaired, I'll point out that this is a satirical site. ;-)

Re:None of this (except the passwords)...

[timholman]

Why do you need a machine to vote? Why not just pencil in an X next to the candidate's name like they do in other countries?

Umm, because in the rare circumstance that the difference in votes falls within the margin of error of spoiled ballots, the Democrats and Republicans begin a long drawn-out battle over who gets to count and interpret what those spoiled ballots mean? Like what happened 11 years ago in Florida during the U.S. presidential election?

The switch to electronic voting didn't happen without a reason (at least in the U.S.) The intent was to eliminate spoiled ballots and determine to an absolute certainty who won the election. It didn't work out that way, but that was the idea.

Of course, the federal and state governments screwed up electronic voting in their usual fashion, and now everyone is calling for a return to paper and punch ballots, which will work just fine - until the next big election that is very, very close. And then you'll hear the hue and cry for electronic voting again - lather, rinse, repeat ...

Re:None of this (except the passwords)...

[currently_awake]

In the tax system complexity is there for the benefit of the rich. I expect a complex voting scheme is therefore to benefit the rich.

Re:None of this (except the passwords)...

[hedwards]

Back in 2005 weren't they caught applying patches to voting machines in Democratic leaning counties in Georgia. Supposedly it was a bug fix, but it was never really explained why the machines happened to be in swing counties that were leaning Democratic. It's entirely possible that there was a reasonable explanation, but without a paper trail or access to the source for both the original and the patch there's no way of knowing for sure.

The really scary thing is that Diebold is heavily into ATMs as well and should really know how to secure the machines.

Re:None of this (except the passwords)...

[vux984]

The really scary thing is that Diebold is heavily into ATMs as well and should really know how to secure the machines.

Are you saying its scary because they make secure ATMs yet can't seem to even close a barn door when making voting machines, indicating deliberate incompetence?

Or are you saying its scary that a company that is so incompetent on security is trusted with making ATM machines, which you expect suffer from security just as completely catastrophic as voting machines?

Either way... yes ... it is scary.

Re:None of this (except the passwords)...

[GrumblyStuff]

Specific requirements for paper and pencil manufacturers. Erasers for vote tampering.

Still profitable but obviously with much more overhead.

Re:None of this (except the passwords)...

[Joce640k]

Why do you need a machine to vote? Why not just pencil in an X next to the candidate's name like they do in other countries?

Because in a land of cable TV, you need the results *NOW!*. If you have to wait a few hours for bits of paper to be counted people will have forgotten there was even an election.

Re:None of this (except the passwords)...

[Richard_at_work]

In the UK spoiled ballots are spoiled ballots, and the only count they are ever attributed to is the spoiled ballot count - they are never interpreted precisely because of the chance of bias being introduced.

IF your election is that close, then why not simply hold a second round of voting?

Re:None of this (except the passwords)...

[kaizokuace]

or that a company who is trusted at securing ATMs is having errors on voting machines, implying that they are controlling the voting output. Because they aren't gonna be having bugs.

Re:None of this (except the passwords)...

[Luminous+Coward]

In my opinion, in most (democratic) countries, the current voting system is too simple, and this simplicity favors the two major ruling parties, preventing all alternative voices from gaining any traction.

There are other (more complex) voting systems. I believe that some form of graphical user interface is necessary, should one ever intend to introduce any of these more complex systems.

Re:None of this (except the passwords)...

[w_dragon]

Spoiled ballots are relative though - Is it spoiled if someone made a checkmark big enough that part of it went through 2 circles? If someone used a smiley face instead of an X or check? For things that are on the line it's important to make sure that at the very least things are handled consistently, regardless of who is checking the ballots. During a second recount in my area the judge running the recount told the counters that he didn't care what the mark looked like, so long as it was obvious who the person meant to vote for the vote was to be counted, which may be the best idea but isn't necessarily what will happen if the person counting wants a specific outcome.

Re:None of this (except the passwords)...

[mangu]

Why not just pencil in an X next to the candidate's name like they do in other countries?

What could possibly go wrong?

Re:None of this (except the passwords)...

[Rogerborg]

secret, verifiable

JUMBO SHRIMP.

Here's the science: no amount of watching the watchmen is going to give a result that is "verifiable" to the people who cast their secret votes. At some point, you have to choose between "open, verifiable" or "secret, trusted". That applies regardless of the means of voting.

Re:None of this (except the passwords)...

[biodata]

> Is it spoiled if someone made a checkmark big enough that part of it went through 2 circles? If someone used a smiley face instead of an X or check? Yes and Yes. If someone is too stupid to pun a X in a box, or too crazy or otherwise motivated to do something other than put an X in a box, their vote should not be counted. It's a pretty foolproof system really.

Re:None of this (except the passwords)...

[w_dragon]

What if they're just old and have trouble controlling the pencil well enough to keep the mark in one box? You're throwing out an awfully large number of ballots for no reason if you reject everything that isn't perfect.

Re:None of this (except the passwords)...

[heathen_01]

Get someone to help you.

Re:None of this (except the passwords)...

[Richard_at_work]

What if they're just old and have trouble controlling the pencil well enough to keep the mark in one box? You're throwing out an awfully large number of ballots for no reason if you reject everything that isn't perfect.

In the 2001 UK general election, 0.3% of all cast votes were spoiled ballots, and for the 2010 election the figure fell to 0.25% - I wouldn't call that an "awfully large number".

As for your examples, if the vote isn't plain and obvious, it is discounted - it is up to the voter to make their choice obvious, not the ballot counter to interpret it. Interpretation brings bias.

Re:None of this (except the passwords)...

[Minupla]

If you don't follow the rules it's spoiled. Otherwise you're depending on the vote talliers to be mind readers (does the X mean no and checkmarks mean yes?)

We use paper ballots in Canada for federal elections and the rules are pictographed out very clearly, you put an X in the box you are intending to vote for, you fold the ballot and put it in the box. If you don't do that, it's a spoiled ballot.

Min

Re:None of this (except the passwords)...

[w_dragon]

The case I mentioned up there was in Canada - 2 federal elections ago my region went Conservative by fewer than 20 votes. The judge running the second recount was quoted in the local paper as saying something along the lines of any mark that made it clear what the voting intention was was to be counted, that to do otherwise was against the concept that in a democracy every vote counts. So no, it isn't that simple, some people will put a check because they didn't look at the directions. Some people will use a different symbol for whatever reason. Some people will be enthusiastic and the mark will go beyond the circle they're marking. So long as there is clearly one circle marked in some way the vote should always be counted.

Completely off-topic, slashdot's feature of moving the page when you click in the edit comment box is the most annoying bug I have ever seen.

Re:None of this (except the passwords)...

[flonker]

It can be done. Give each person a code that they can later use to check that their vote was counted. eg. "Thank you for your vote, your verification code is F00FC7C8", the user then looks the code up in the newspaper the next day, and can see that code F00FC7C8 voted for ... at time ...

This system has some other flaws, specifically regarding vote selling, but it is secret and verifiable.

Re:None of this (except the passwords)...

[Bucky24]

This system has some other flaws, specifically regarding vote selling,

I'd imagine that sort of thing already goes on, so having a "secret code" like this wouldn't really make it any more or less prevalent.

Re:None of this (except the passwords)...

[Bucky24]

Haven't you ever heard of the electoral college? If anyone wanted to rig a presidential election they wouldn't even need to come near the ballots, paper or digital. They'd go straight to the people who actually elect the president.

Re:None of this (except the passwords)...

[Minupla]

I stand corrected, and thank you gentle person. That's what I get for assuming what they teach you in polisci in high school actually matches the real world. You'd think I'd know better by now wouldn't ya?

You know what this means

[MillionthMonkey]

We need to maintain the integrity of the voting process by collecting a tax on people who show up to vote and detaining them if they can't produce a long form birth certificate upon request.

Re:You know what this means

[Doctor_Jest]

That'd be beautiful, but it'd also be a poll tax which is unconstitutional. :)

The sentiment's well placed though. Of course the party that benefits most from this isn't the one that supposedly stole the presidential election. :) Just sayin'.... heh.

Re:You know what this means

[Doctor_Jest]

rather _IS_..... :) Oops.

Re:You know what this means

[MillionthMonkey]

...whoosh..

Maybe that was too far out there; I was making a veiled reference to the voter ID laws sold to fix all problems with elections.

Re:You know what this means

[camperdave]

How about the other way around? Tax everybody and then give them a refund if they show up to vote.

Re:You know what this means

[Bucky24]

Poll taxes are banned by the constitution, but requiring a birth certificate might be a good idea....

To make a secure voting machine

That's the whole point of these voting machines, make it easier and save time for the users. A punchcard reader/sorta could easily accomplish that. You got physical validity and you get time saving. People can still mail in votes and a database that keeps only people who have voted already (and not who voted for who) could keep track of duplicate votes which puts up a *flag* for that person. If they done it this way, a database breach means little without physical access to the cards or machine.

What about dead people voting fraud and vote coercion for mail in votes? Stricter law enforcement and record keeping as those things already happens i suppose.

Re:To make a secure voting machine

I recall Florida really goofed up on this one.

Re:To make a secure voting machine

[MyFirstNameIsPaul]

I have a hanging chad that says you're wrong.

Total non-sequitur

[artor3]

So the fact that he was able to access a list of voters is supposed to prove that votes are rigged? How exactly does that follow?

Voter fraud is a non-existent problem. It's a bogeyman used to get people scared so that they agree to more restrictions on voting, which in turn disenfranchises those who might otherwise resist the powers that be. It also serves the double duty of de-legitimizing any political opponents. Don't like the incumbent? Call him an imposter, and that way you can scream hatred and bile against him at every moment, and your supporters won't question it, because you've given them a way to rationalize all the hate.

Re:Total non-sequitur

First of all, votes are supposed to be confidential.

Second, you don't need electronic voting to get fast results. Canada still uses paper ballots and they have their final results within 24 hours.

Re:Total non-sequitur

[Jawnn]

While I agree that the vast majority of the allegations of "vote fraud" are, just as you say, a bogey-man aimed at stirring up a disaffected group of voters, closed electronic voting systems make it far easier to actually rig an election while at the same time, making it almost impossible to detect such shenanigans. Either open up the technology to audit and review or chuck it.

Re:Total non-sequitur

[rwven]

The point is that if he hacked in and and got this junk, someone could just as easily have gotten in and altered the data. I don't put it beyond corporations to under-the-table hire hackers to accomplish their end-goals (namely because I've seen it happen), and hacking a voter database is a pretty obvious target.

And that's only the corporation side of things....

Re:Total non-sequitur

[geek]

Sorry but you are full of shit.

http://www.humanevents.com/article.php?id=39166
http://missouri.watchdog.org/5937/dead-voters-in-missouri/
http://www.washingtonpost.com/local/starting-friday-protective-orders-easier-to-get-dead-voters-votes-count-new-va-fiscal-year/2011/06/30/AGbcVtrH_story.html

Voting fraud is almost a national tradition.

Re:Total non-sequitur

[mevets]

Canadas federal ballots only have a single question: choose one of N candidates. Provincial ones are similar. Rarely you may get handed two ballots, one with a question of some burning issue. Municipal have more; often three ballots. Federal, Provincial and Municipal elections are always held on separate days.

It is a lot easier to count these than the questionnaire that US voters are to fill out. I know you can just hit "party ticket", but they still have to be looked at.

Re:Total non-sequitur

[dkleinsc]

Voter fraud is a non-existent problem.

It's not quite non-existent. It's not hard to find residents of Chicago or Philadelphia who were part of political machines that regularly placed fraudulent votes. For instance, a common tactic was (maybe still is) to use dead people's names and addresses.

However, efforts to restrict voting (at least in the US) have far more to do with disenfranchising poor people and black people than they do with any actual risk of fraud. For instance, photo ID requirements, a mere annoyance for middle-class white folks with a driver's license, are an insurmountable burden for members of the underclass that survive on public housing and food assistance. One tell-tale sign here is that the focus is on somebody who shows up to the polls and tries to cast a fraudulent vote, rather than the much easier ways of committing election fraud on a significant scale like manipulating the persons or machines responsible for counting the votes or effectively ballot-stuffing. If you were, say, a secretary of state with ties to a party's political campaign trying to commit election fraud, which would be easier - making a vulnerable voting machine and changing a number in Microsoft Access, or organizing hundreds of thousands of people to go to the polls and fraudulently casting votes?

Re:Total non-sequitur

[MyFirstNameIsPaul]

"Landslide Lyndon"

Re:Total non-sequitur

[ohnocitizen]

I can counter your right wing sources with left wing ones:

http://thinkprogress.org/politics/2011/03/27/153179/report-from-poll-taxes-to-voter-id-laws-a-short-history-of-conservative-voter-suppression/
http://www.prwatch.org/news/2011/05/10711/voter-suppression-bills-sweep-country
http://motherjones.com/kevin-drum/2011/06/voter-fraud-or-voter-suppression
http://www.salon.com/news/feature/2008/10/15/voter_suppression

While I do think there is some voter fraud in the modern era, and would point to Florida in the 2000 election and Ohio in 2004, it is often twisted and blown out of proportion to fuel a hysteria that we need to make it harder to vote. So we end up with laws that make it harder to vote for those who vote Democratic. I find it hard to believe that is an accident.

What we need is a way to verify votes that does not end up constituting an effective poll tax, and keeping people who have a right to vote from the polls. I wonder if any slashdot readers have any suggestions? I'd be quite hopeful on that account, some rather clever people read this site and have left encouraging comments on past articles about voting.

Re:Total non-sequitur

[thesandbender]

But he hasn't proven that he as access to anything that is not public. He's provided a dump of public data that should be public data.

He hasn't even shown access to any tables that contain vote counts... not one. Simple fact of the matter is that he hasn't proven or even demonstrated access to any data that could be used to directory manipulate an election.

The only thing I see is links to voter reports. If they manipulated those links/documents on election day they might be able to point media outlets to documents that would change their reporting and disenfranchise voters... but that's a very huge stretch.

Re:Total non-sequitur

[mywhitewolf]

you will know anonymous has gotten into your electronic voting system when Guy Fawks or Chuck Norris gets elected. Paper ballots are just as easy to tamper with... the is i just the old case of http://xkcd.com/538/

Re:Total non-sequitur

[jjjhs]

A Texas ID Card costs $16 for 6 years, and in Florida it's $25 for 8 years. You do not have to have a car and take/pass the driving test in order to get a photo id. $25 is five $5 scratch-offs or a few cases of beer or smokes..

Re:Total non-sequitur

[mywhitewolf]

making a vulnerable voting machine and changing a number in Microsoft Access,

just as likely to be that simple as having a region report a wrong count in your favor.

you don't think the software that takes the vote isn't auditing the data? you don't think this audited data isn't checked against the central repository for votes? you don't think they'd have specialists checking the data for anomalies or unexpected results?

to get away with it completely unscathed, the political party would have to have control over all the regional media (to give people the impression they are winning), access to the machine that takes the votes, access to the server who counts the votes, tackle the paper trail that's designed to prevent exactly this kind of abuse etc. etc. etc.

90% of the work to successfully manipulate the polls is done without touching the votes, paper vs electronic is pretty much inconsequential as far as vote security is concerned.

Re:Total non-sequitur

[Sooner+Boomer]

For instance, photo ID requirements, a mere annoyance for middle-class white folks with a driver's license, are an insurmountable burden for members of the underclass that survive on public housing and food assistance.

Pray, do tell, how people that are able to sign up and live off of the public dole, then become too stupid (or otherwise unable) to get a FREE photo ID. Make the photo ID part of the requirement to use these benefits, and you'll cut down on foodstamp fraud too. This whole idea about poor people unable to get ID (which can be verified) is a disingenuous strawman arguement. "insurmountable burden", my ass - just another reason to perpetuate voter fraud!

Re:Total non-sequitur

[therefore]

Interesting sources. 1. Writing in Human Events, a conservative magazine. an editor of the National Review (ditto), weaves several speculative ways voter fraud *could* occur and then lists two people who were in fact convicted. Two. Even though he links to Pajamas Media (ditto) which, with no citation, talks about "indictments, convictions, or investigation" in other states. 2. Missouri Watchdog & a local news program identified one *possible* "dead voter" but the article does allow for a clerical error. This was a 9 months ago and I can find no other follow up about this problem. This report came right before the November election and was handled with the typical "scary voice". This is the state that wants to raise the bar even further by requiring proof of citizenship (original birth certificate, naturalization papers or a passport), because, naturally, illegals must be voting illegally in droves, which will go further to disenfranchise voters. 3. My favorite was the Washington Post link which has nothing whatsoever to do with voter fraud. It has to do with legislation that allows for this time line: Voter mails in absentee ballot. Subsequently dies before the vote count. Should his vote be counted? The legislation said yes. This is typical of the documentation of "rampant voter fraud" (vs. registration fraud which is an entirely different animal). I don't know about voter fraud, but voter suppression is certainly a national tradition.

Re:Total non-sequitur

[misexistentialist]

If everyone had to get a special voting ID the number of eligible voters would drop 90%. No one would bother to go through the bureaucracy and pay good money for the privilege to vote for two worthless parties.

Re:Total non-sequitur

[retchdog]

just because the right to vote is worth less than $16 to someone, should we rescind it?

Re:Total non-sequitur

[misexistentialist]

The incentive for food and shelter is a lot more pressing than voting. You are being disingenuous if you don't admit that an ID requirement will mean that almost all people without cars will end up not voting. And it is pretty clear that Republicans are the ones with the strawman argument, since cheating in elections is practically the only political strategy they have left.

Re:Total non-sequitur

[tyrione]

For instance, photo ID requirements, a mere annoyance for middle-class white folks with a driver's license, are an insurmountable burden for members of the underclass that survive on public housing and food assistance.

Pray, do tell, how people that are able to sign up and live off of the public dole, then become too stupid (or otherwise unable) to get a FREE photo ID. Make the photo ID part of the requirement to use these benefits, and you'll cut down on foodstamp fraud too. This whole idea about poor people unable to get ID (which can be verified) is a disingenuous strawman arguement. "insurmountable burden", my ass - just another reason to perpetuate voter fraud!

Don't know which state you come from but a Personal ID is not FREE. It's $20 in Washington State. The Driver's License ranges from $25 to $50. Then of course you need proof of identity which requires a Notary Public Stamped Birth Certificate [another $25+ for the Notary Public stamp, and additional fee for the Birth Certificate at the Court House, plus you need to make sure your SS Card is on you to get the Birth Certificate. If you don't you have to go and have that, but if you are a homeless person I doubt you have much proof]. With 40% of the US in poverty that's one helluva a lot of disenfranchised voters. To answer your first statement, most people aren't signed up living off the public dole. The one's living off of their own invested Unemployment Insurance don't need a card. There are millions of homeless people who aren't on Welfare.

Re:Total non-sequitur

[Nimey]

A $16 poll tax is still an illegal poll tax.

Re:Total non-sequitur

[MtHuurne]

to get away with it completely unscathed, the political party would have to have control over all the regional media (to give people the impression they are winning), access to the machine that takes the votes, access to the server who counts the votes, tackle the paper trail that's designed to prevent exactly this kind of abuse etc. etc. etc.

Vote results rarely turn out exactly as predicted; only if the differences are really large it will be seen as a sign of fraud. If a new party would win an election out of the blue, it would be very suspicious. Because of gerrymandering and winner-takes-all systems, the overall winner between the two established parties can be decided by a relatively small amount of votes. The local media headlines won't say "fraud!" if a party that was predicted to get 48% of the votes gets 53% on election day.

If the machine that takes the votes is compromised, it will report the wrong count to the central server, so the central server does not have to be compromised for the fraud to work. A paper trail would help against tampering with the machine that takes the votes, but a lot of the machines either have no paper trail or have one that could be compromised just as easy as the electronic count.

Auditing is useful, but you have to be sure that the software that was audited is also the software that is used on election day (there have been reports of this not being the case) and that the software is secure against exploitation after the voting machine's installation (some voting machine software is of very low quality, so likely to be prone to exploits).

I think in theory it is possible to design a hybrid system that has a proper paper trail for safety and an electronic count to get the results quickly on election night. But today's practice of electronic voting has such low security standards that it's better to vote using paper only.

Re:Total non-sequitur

[Sooner+Boomer]

Don't know which state you come from but a Personal ID is not FREE. It's $20 in Washington State. The Driver's License ranges from $25 to $50. Then of course you need proof of identity which requires a Notary Public Stamped Birth Certificate [another $25+ for the Notary Public stamp, and additional fee for the Birth Certificate at the Court House, plus you need to make sure your SS Card is on you to get the Birth Certificate. If you don't you have to go and have that, but if you are a homeless person I doubt you have much proof].

So how do you get public assistance (the original claim) without ID?

Re:Total non-sequitur

[PNutts]

No, what makes it almost impossible to detect such shenanigans is a lack of audits and audit trails.

Re:Total non-sequitur

[Sooner+Boomer]

You are being disingenuous...
Republicans are the ones with the strawman argument...

  The whole "I know you are but what am I" arguement doesn't work past the 5th grade.
And I hardly think Chicago, widely known for voter fraud, is a Republican bastion. Want to try again?

Re:Total non-sequitur

[rwven]

Knowing it happened, and being able to link it to a corp (and then prove that in a court of law), are two very different things. Lots of things can be "known." Not everything can be easily "proven."

Re:Total non-sequitur

[mywhitewolf]

I'd seriously doubt that a government funded project for voting polls would have such _easy_ to compromise security features.

Vote results rarely turn out exactly as predicted; only if the differences are really large it will be seen as a sign of fraud.

you will find that statistical anomalies will be verified, things like 1 machine (or 1 vote counter) has an unusual candidate count compared to counts done by adjacent machines. Also how exactly would a single machine be able to falsify votes on any meaningful scale undetected? there would be huge statistical anomalies then there is also the challenge of accessing the machines, (as difficult as accessing a balled box really). there are ways of doing this right to be more secure than paper voting, as well as cheaper in the long term (paper voting requires people counting...)

Re:Total non-sequitur

To count 10 times as many votes in the same amount of time, you need 10 times as many people.
Luckily the US population is 10 times larger, so everything fits perfectly.

Re:Total non-sequitur

[hedwards]

Because in practice it's not really free. It's been a while since I went to the DMV, but I don't recall those being open 24/7, in other words if you're really that hard up, chances are that you'd have to take a day off work.

But, really the biggest problem is that the level of fraud in that segment of voters isn't any higher than it is in other segments. And while we're at it, why don't we just require that all ballots be signed by the person as well. I mean hell, somebody could put an X and sign that it was a valid vote.

Re:Total non-sequitur

they know your address and where you live.

But do they know where my home is?

Re:Total non-sequitur

[geminidomino]

$25 is ... a few cases of beer or smokes..

Where the hell are smokes $25/carton? I want to move there!

Re:Total non-sequitur

[digitalchinky]

In Australia a carton of cigarettes will set you back about $70 AUD/USD I guess on average, about $10 to $12 per pack. I don't smoke, not that this matters, but it is a nice place to live.

Re:Total non-sequitur

[stdarg]

So if we made a photo ID a requirement for public housing and food assistance, problem solved?

I assume there are mechanisms to stop people from signing up for public housing and food assistance multiple times. If no ID is required, how are they enforcing that? Why not use the same mechanisms when it comes to voting?

Re:Total non-sequitur

[ShakaUVM]

>>So the fact that he was able to access a list of voters is supposed to prove that votes are rigged?

You're right. It doesn't. It shows it is *possible* for votes to be rigged, but we've known that for a long time. A fellow CS guy at UCSD (at UW now), named Yoshi Kohno, has written a long series of papers and presentations on how easy it is to own electronic voting machines. Open USB port? Plug in your specially prepared flash drive, and you can make the machine tapdance for you, if you want.

For example: http://www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=308

The reason we got paper printouts of our votes the last time I voted was because of this guy.

But it doesn't mean that voter fraud actually occured. Slashdot ran a story in, oh, 2005 or so purporting to prove statistically that voter fraud occurred in Florida. Was from some guys in Berkeley, IIRC. I looked at it, and debunked it easily. They essentially created a mathematical equation to predict the result of the election, and when the election results didn't match their expectations, they said it "proved" fraud occurred. Plugging in some numbers for their equations, I saw that some counties could have been expected to have 120% Bush, -20% for Kerry, so it was pretty much guaranteed to give a "fraud" result. But they tried to hide this glaring flaw in 10 pages of equations and such.

Re:Total non-sequitur

[Richard_at_work]

You have highlighted the actual problem - the fact that the voting system used is so complex, and the voting method implemented does nothing to simplify the system, it just works with it. If you simplify the system, the issues are reduced.

In the UK, its quite typical to get handed two or three ballots at each voting session - each ballot is on a different bit of paper, each bit of paper is a different colour, each colour goes into its own voting box, and each voting box goes to its own set of counters and invigilators. Returns are done within 24 hours by different returning officers.

You know what? It works. It works to such an extent that the British public recently voted to keep it as their voting mechanism.

Re:Total non-sequitur

[nosferatu1001]

You wouldnt think it, but youd be wrong.

Diebold were caught installing unverified patches on election day. Do you trust them to do this?

Re:Total non-sequitur

For instance, photo ID requirements, a mere annoyance for middle-class white folks with a driver's license, are an insurmountable burden for members of the underclass that survive on public housing and food assistance.

Pray, do tell, how people that are able to sign up and live off of the public dole, then become too stupid (or otherwise unable) to get a FREE photo ID. Make the photo ID part of the requirement to use these benefits, and you'll cut down on foodstamp fraud too. This whole idea about poor people unable to get ID (which can be verified) is a disingenuous strawman arguement. "insurmountable burden", my ass - just another reason to perpetuate voter fraud!

In my state (Maryland), and I imagine that this is the case in most others, photo IDs aren't free.

Re:Total non-sequitur

For instance, photo ID requirements, a mere annoyance for middle-class white folks with a driver's license, are an insurmountable burden for members of the underclass that survive on public housing and food assistance.

Pray, do tell, how people that are able to sign up and live off of the public dole, then become too stupid (or otherwise unable) to get a FREE photo ID. Make the photo ID part of the requirement to use these benefits, and you'll cut down on foodstamp fraud too. This whole idea about poor people unable to get ID (which can be verified) is a disingenuous strawman arguement. "insurmountable burden", my ass - just another reason to perpetuate voter fraud!

They're $25 a pop in Florida. I'm still trying to decide if it's stupid or smart for people to blurt out information as factual when they just made it up.

Re:Total non-sequitur

[rastos1]

Personal ID is not FREE. It's $20 in Washington State.

With 40% of the US in poverty that's one helluva a lot of disenfranchised voters.

Are you saying that 40% of US voters can't afford to spend 20$ on photo ID? I call bullshit. Are you saying that they can't put together 20$ if given a month of time? Even if they don't buy a 2 packs of cigarettes, drink no alcohol, and beg on the street corner for 2 days? I call bullshit. If you are not right-away homeless, then don't go to restaurant (I wasn't for a year), don't go to cinema (I wasn't for 10 years), don't waste money on music (I bought a CD last time 15 years ago), don't throw away things just because they are not new and shiny anymore, and you can put together 20 bucks.

The lifestyles of some people never stops to amaze me. They have mobile before having a shelter, and they have a satellite dish before a real house.

Re:Total non-sequitur

[MtHuurne]

I'd seriously doubt that a government funded project for voting polls would have such _easy_ to compromise security features.

Diebold employees said their ATMs are more secure than their voting machines because the customer is willing to pay for security. It seems the government wants cheap machines even if that means less secure.

you will find that statistical anomalies will be verified, things like 1 machine (or 1 vote counter) has an unusual candidate count compared to counts done by adjacent machines.

But how can you verify if there is no paper trail or if the paper trail cannot be trusted either?

Also how exactly would a single machine be able to falsify votes on any meaningful scale undetected? there would be huge statistical anomalies

Attacks might not be limited to a single machine. There are thousands of identical machines, so compromising for example 100 machines is not 100 times as hard as compromising a single one. If the attacker can modify the code before it is deployed on the machines, all machines of a certain type would be compromised. If the attacker can modify the machines after installation but before transport, for example by breaking into or otherwise having access to a storage facility, large numbers could be compromised. If the machines have WiFi enabled (this has been reported), a single attack might be able to compromise multiple machines very quickly.

then there is also the challenge of accessing the machines, (as difficult as accessing a balled box really).

The main problem is that it's very hard to detect whether a machine has been compromised. If you have a ballot box that for example already contains votes before the election begins, it's easy to spot. If a voting machine has been compromised, it will look exactly the same as one that has not.

Also, voting machines are much more complex equipment than a ballot box, so there are far more opportunities to exploit (much larger attack surface). For example, the voting software itself is audited, but what about the OS, the drivers, the compilers, the hardware?

there are ways of doing this right to be more secure than paper voting, as well as cheaper in the long term (paper voting requires people counting...)

I do believe secure voting machines could be built. However, insecure voting machines have been built and are being used in elections and I'm surprised few people have a problem with that.

Re:Total non-sequitur

[TheLink]

But why the heck should voters have to pay for photo ID? Just let people be entitled to a free one once every 4 years (e.g. if you keep losing your photo ID, you either pay for the replacement or you don't vote, I think that's fair).

USD16 or USD20 * 300 million is only 5-6 billion bucks. And that's assuming the cost is 20 bucks (might be more or less depending on how inefficient the system is). The USA has blown away way more than that:
http://costofwar.com/en/
http://www.google.com/search?q=federal+reserve+trillions

The USA is willing to spend trillions picking governments in other countries, but not willing to spend a few billions in picking its own government.

Go figure what the real problem is.

Re:Total non-sequitur

[TarPitt]

Pray, do tell, how people that are able to sign up and live off of the public dole, then become too stupid (or otherwise unable) to get a FREE photo ID.

You obviously haven't dealt with people on public assistance much.

There is a reason some people do not have jobs, and it's not because they are intelligent enough to scam the welfare system.

Re:Total non-sequitur

[Bucky24]

Not necessarily. It depends on what kind of database access privileges he got.

Re:Total non-sequitur

[Bucky24]

Just let people be entitled to a free one once every 4 years

I agree. A free state-issued photo id would be nice for more that just counting votes.

Re:Total non-sequitur

[Bucky24]

Yes... yes it does...

Re:Total non-sequitur

[rwven]

Say the morning of the voting, someone comes in and removes a candidate from the ballot? What if no one reports it until noon? I would say that that might have something to do with the votes or voters ;-)

Re:Total non-sequitur

[geminidomino]

Wrong direction. $40/Carton (I smoke cheapos) is bad enough.

Re:Total non-sequitur

[freedomseven]

Ok just to be about this. The Florida Div of Elections does not have a way of connecting for whom a voter cast his vote. The only thing the Division can track is whether or not a particular voter voted in a particular election. There is an intentional disconnect between the official voting system and the statistical system that the "hacker" broke into so to say that this is evidence of a vulnerability is a little disingenuous.

I am not saying that the system is perfect. I am just saying that THIS is not the evidence that we should look for. You can't use weak evidence to fight important battles.

Re:Total non-sequitur

[rastos1]

I'm arguing that the percentage of people that can't afford a photo id is nowhere near 40% (as implied by GP) and therefore it should not be a roadblock for requiring it for voting. For those that truly can't afford it, you can always come up with something.

"If you cannot afford an attorney, one will be appointed for you."

If you can't afford photo ID, one will be provided for you.

This is public election data, not voting data

[thesandbender]

If anyone took 30 seconds to scan this scandalous "voting" data it's very apparent that this is data about the elections and not the actual voting or voters. All of this data can and should be public knowledge (e.g. Elections, Candidates, Races, what special interest groups are working the polls as well as voter statistics). A quick google search will give you almost all of this data because want it should be public knowledge.

This would be a story if this data wasn't available.

Re:This is public election data, not voting data

Though it is not clearly stated, I believe it is implied that the vote table could have been dumped as easily.

Re:This is public election data, not voting data

And who's to say he didn't have access to that data and chose instead to post only public information due to a moral high ground. To those that know how the machines work they would know that if he had access to that data fro. That source, then he had access to the more sensitive as well. I'm not saying that this is the case but lack of posting private. Information doesn't mean anything really. It just shows that he got into one of those machines

Re:This is public election data, not voting data

[thesandbender]

I'll add to this that the voting roster and your voting record (when and where) are public record as well... the only thing that's private is who you voted for. Everything else is a matter of public knowledge and should be, this is the only way you can keep things honest. If there are X number of votes, that should match X number of registered voters. By the same token, districts should only have X number of voters and you should only vote in your district (which is why you need to know where someone voted).

Re:This is public election data, not voting data

[thesandbender]

Then he should have provided some proof that he had access to the data or could have manipulated it. For example, there are X number of registered voters in zip code Y voted for Z. He could have even show a table structure that linked election data to voters (e.g. this election had table key 12345678 and here's a count of voters for 12345678. He hasn't provided any evidence of an actually breach of voting casting records, just that he has access public data in a sql database.

And don't get me wrong, that's not a good thing... if you can manipulate voting stats/reports on an election night you can change an election... but this article makes it sound like they have access to actual voting casting records which there is zero proof of. Everything shown is public record.

Re:This is public election data, not voting data

[thesandbender]

I'm assuming you're not from the U.S. A "race" here is referring to the election and not the ethnicity of the person or person(s) involved. The literal translation in this sense in "contest"... i.e. the "race" to the finish line. You'll notice that there's a "race" lookup table which contains Sheriff, Councilman, etc. It's referring to those "contests", not black, white, asian, latino, etc.

Re:This is public election data, not voting data

[thesandbender]

Okay... so we're dealing with two different issues:
1. Determining who voted for who (breach of privacy)
2. Manipulating cast votes (voting fraud)
The issue raised by this article was voting fraud in which case you don't need to link a vote to a voter you just need to manipulate votes in a way that's not detectible. So you're changing the overall votes not someones specific vote (which you'd want to avoid at all cost).

Re:This is public election data, not voting data

[tyrione]

I'm assuming you're not from the U.S. A "race" here is referring to the election and not the ethnicity of the person or person(s) involved. The literal translation in this sense in "contest"... i.e. the "race" to the finish line. You'll notice that there's a "race" lookup table which contains Sheriff, Councilman, etc. It's referring to those "contests", not black, white, asian, latino, etc.

You don't have to be from the USA to have enough brains to scan the table headers and figure out that race doesn't pertain to ethnicity. That reminds me of people reading into headlines and jumping to conclusions when if they read the context of an article they should be pissed off at how misleading the article title is as bait for you to read the story.

Re:This is public election data, not voting data

[Nimey]

It's also called a race because of our misbegotten "first past the post" system, wherein the person who gets the single largest bloc of votes wins.

Re:This is public election data, not voting data

[Legion303]

Poll workers' login and password should be public knowledge?

Actually, it probably is now. I don't just mean the ones on this list, I mean anyone who becomes a poll worker there in the future. Looks like the password is first initial + last initial + last 4 of SSN (although I like to think the 4 digits are a user-supplied PIN).

Re:This is public election data, not voting data

[camperdave]

You're right. I'm not from the US. Your explanation makes things crystal clear. Thanks.

Not a Rickroll, but close.

[cvtan]

You tricked me into clicking on a link that had an ad for Glen Beck!!! ARRGGH!

I voted against e-votes in the 2008 election

[GoodNewsJimDotCom]

I voted: Protest E-vote. Will anyone know? No one but who reads this post, but I do protest the things. At any moment, someone could elect anyone they wanted simply by controlling any of the many machines involved. All you need to do is be a programmer, or a manager, and you can elect people at risk of jailtime.

I've always felt for it to be secure, there should be a paper trail which says who you voted for, then you pull a handle, and it gets filtered in the bin. Some bean counters will have the responsibility for checking the paper against the outcome, and viola, you're no longer trusting entirely in Diebold. Live free or Diebold. Oh I heard they changed their name just so people can't make that joke anymore.

Re:So what if pollworkers passwords are compromise

[thesandbender]

You're misunderstanding "poll workers"... these are lobby groups who are outside the polls trying to influence your votes, look at the pollworker_links table later in the dump. They're tracking who was there and who they represent... which is exactly what they should be doing. And yes, this data should be public (by law actually).

are the fake felons still on the list?

[Joe_Dragon]

http://newstandardnews.net/content/index.cfm/items/519

I thought we solved this problem long ago.

[VortexCortex]

It's too bad no one wants to use the solution to this problem.

Step 1. You register to vote. (Yes, we already do this...)
Step 2. You are given a unique set of voter's registration digits. (Yes, we already do this...)
Step 3. You vote, and enter some of your voter's registration digits. (Currently we enter all of them -- Dumb).
Step 4. Your ballot is cryptographically signed with the digits you did not disclose. (See, all digits get used; Just some are kept secret).
Step 5. You submit your ballot, the public digits of your voter's registration "number", and the digital fingerprint. (I assume some form of hashing is currently done, but the vendors/counters hold the keys, not the people -- Dumb!)
Step 6. Tally votes: Verify each ballot's signature is valid and that each registration number only votes once.

The only place your ID need be linked to your voter's registration number is in the registration database, all other election data can be public for the world to see while still retaining a secret ballot... Now, there's no way to trust a "voting machine", and no need for secrecy in the security protocol, so we can just use our own computers & FLOS voting client software if we choose not to use the machines provided at libraries or public schools.

The disuse of basic public key cryptographic systems by the world at large is dumbfounding.

Credit cards, voting ballots, bank accounts, social security numbers, state issued photo IDs & Licenses, etc...
Herp; We don't need to use PKI except on wobsites -- Derp!

Re:I thought we solved this problem long ago.

While I agree that there are many problems public key cryptography can solve, this is not one of them, at least not in this way.

Yes, voting from home would be convenient. There is a reason we have polling places though, and it isn't convenience; it is security of the vote and voters. Also, there is a reason you can't verify your specific vote was correctly counted afterwards as well.

Polling places and their management ensure that there isn't anyone standing behind you observing your vote, prepared to punish or reward you for voting the 'wrong' or 'right' way. This cannot be done in people's homes from arbitrary Internet connected terminals.

Verifiable ballots are a problem for the same reason. If you can (after the fact) produce evidence of your vote, then someone can force you to do so to prove that you voted a specific predetermined way. That knowledge will influence some. This is prevented by a secret ballot.

Re:I thought we solved this problem long ago.

[EuclideanSilence]

The problem with this approach is that it only verifies that votes aren't modified after you cast them. The main problem with voter fraud (other than things like ballot fraud, such as candidates not being on ballots) is the presence of *extra* votes.

For example, cryptography isn't going to do anything to prevent dead people from being registered to vote. It does nothing to stop people from being allowed to vote multiple times, since multiple keys can be given out. These are the main problems we face today, not really modified votes.

The only real solution I see for this is to make it public 2 lists per district: one list says who voted with name and address, another list has a set of serial numbers and choice of votes. The 2 lists cannot correlate in order in any way. Each voter is given a unique serial number at the time of vote, and a receipt with their name, serial number, and choice of vote. Voter can use the receipt and the second public list to verify that their vote isn't modified. The only record mapping a name to a serial number is the individual receipt, not a state database, to keep the choice of vote private.

Since the lists have to be the same length per district, no one can vote twice and anyone can look up who voted to make sure no fake identities cast a vote. Anyone with a PC can add up the choices to see who wins an election. Unfortunately, such a system would give up the privacy of whether you voted, but if you didn't want to vote but didn't want anyone to know, you could choose an "abstain" vote. It also has a problem with the possibility of forged receipts for people trolling to claim their vote wasn't counted correctly, but even that would be a fairly mild problem to deal with.

Re:I thought we solved this problem long ago.

[hedwards]

There's still no paper trail under this scheme and there isn't any way of the voter verifying that the vote was properly registered. Which was the kind of problem which led to both elections that resulted in Bush winning.

Re:I thought we solved this problem long ago.

The only real solution ... a receipt with their name, serial number, and choice of vote.

No, sorry, a link between your name and your vote is not part of the real solution.

Re:No safe votes...

[jc42]

We need a better system, like having all candidates participate as contestants on one of those crazy Japanese game shows. This would immediately disqualify Sara Palin, as she can't even find Japan on a map.

Maybe not, but she can easily find it in real life. She just looks across her back fence, where she can see Russia, then looks zt the islands just to the left. Those are Japan.

It's a lot harder on a map, y'know.

Only user database...

[BlueCoder]

Only the poll worker user database is sensitive. Everything else is public.

No voting information for cast ballots or the personal info for voters in the district.

I can only hope the access control list is on append only media.

Re:Only user database...

[Z00L00K]

But it was rather obvious that the passwords weren't encrypted. If the passwords were encrypted - even with an algorithm like 'crypt' it would have slowed down any attack considerably.

Anyway - since this was presented one might wonder how this hacker got access to the stored data in the first place since there had to be physical access in some way.

But in my opinion - as much as possible of the implementation and data in a voting system should be visible to the public so that anyone can trace back their own vote and make sure that it is correct. There are ways to do that without revealing to everyone else who you voted for.

Re:Eat my GPL'd penis!

[Lanteran]

hm, interesting. What is with these trolls posting the full text of the gpl every few days? Anyway, real trolls release their penises under the WTFPL.
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004
Copyright (C) 2004 Sam Hocevar

Everyone is permitted to copy and distribute verbatim or modified copies of this license document, and changing it is allowed as long as the name is changed.

DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. You just DO WHAT THE FUCK YOU WANT TO.

Greater anti-retaliatory protections are needed.

[sethstorm]

When a business can divine where people will vote in captive campaigns, a secret ballot only exists in name.

It would only be consistent to give that ability to both sides to nullify the secret ballot (and admit its non-existence) or to provide iron-clad protections towards those who do vote yes against retaliation(to thwart coincidentally enforced "policy violations" against those identified as yes-voters).

Need Slashdot usage advice

[DoofusOfDeath]

I'm sorry that this is off-topic, but I can't find any other forum to ask this.

Starting a month or two ago, Slashdot is showing me very few postings when I read the discussions. It's not the rating filter; I've tried many different settings on that. I've tried both D1 and D2 discussion systems, and that doesn't help. I just want things to be the way they used to be.

Is this a problem that many people are having, or have I done something uniquely stupid to my settings?

Re:Need Slashdot usage advice

[zombie_monkey]

I have the same problem.

Re:Need Slashdot usage advice

[PetWolverine]

In my RSS reader, only five comments are displayed, and then this note:

"There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead."

Maybe worth a try?

Re:Need Slashdot usage advice

[HiThere]

IIRC, there's a place in your account configuration where you specify how many posts you want to see. And at the bottom there's usually a "more comments" link.

Re:Need Slashdot usage advice

[Rone]

Starting a month or two ago, Slashdot is showing me very few postings when I read the discussions. It's not the rating filter; I've tried many different settings on that. I've tried both D1 and D2 discussion systems, and that doesn't help. I just want things to be the way they used to be.

I've had the same thing happen too, though I haven't tried using D1 system to get around it.

Best I can figure (I haven't spent much time investigating -- better things to do), the source of the problem is that /. quit allowing highly-scored replies to low-score parents from showing up.

I've been waiting for the /. crew to fix this for a few weeks, but no fix has happened yet. At this rate, I'm not sure there will BE a fix. *shrug*

Re:Need Slashdot usage advice

[DoofusOfDeath]

Seems like in the old days they wouldn't have allowed a usability issue like this to last for so long.

I'd say it seems like /. has lost its mojo, but given the lack of people publicly complaining about this, I still wonder if it's only biting a few of us.

Re:Need Slashdot usage advice

[jwhitener]

Every so often that happens to me also. Only 10 or so posts show up. No idea why.

Nonsense; there ARE cross-checks, you know

[davide+marney]

The veracity of an election is not based upon technology, so being able to hack into a server run by a state board of election means little. An election is a system, a tightly-controlled process completely specified in legal language, with many interlocking parts and thousands of people involved. At each interface point in the process, there are cross-checks to verify accuracy. You can't "fix" an election just by cracking into some file system somewhere, you'd have to beat the entire system.

For example, in Virginia where I am a poll-worker, we have independent tallies of the number of people allowed in to vote, and the number of votes cast on the voting machines. During an election, we compare these two numbers each hour and call them into the Registrar who records them in a third system. To "stuff" the ballots in this system, you'd have to compromise three sets of records, each of which are backed up in multiple formats. The chances that you'd get away with this in the open while people are watching the election are infinitesimal.

Re:Nonsense; there ARE cross-checks, you know

[Z00L00K]

I would still say that it is possible, and looking into how bad the identity of people is checked and verified in the US I wouldn't be surprised if there is stuffing done anyway.

Re:Nonsense; there ARE cross-checks, you know

[davide+marney]

OK, I'm game. How would you add more votes than there are voters ("ballot-stuffing") in a system where there are two independently-generated counts of voters and votes, audited each hour and recorded by a third party? Your constraints: the polling place is open to the public and can be monitored by a candidate's representative; the name of each person allowed into the voting booth is read aloud; each person has to present ID and be registered to vote prior to casting a vote; there are multiple voting machines, and no guarantee that a particular voter will get any particular machine (first come, first served.)

Re:Nonsense; there ARE cross-checks, you know

[Z00L00K]

Since not everyone eligible for voting will come and vote there are holes in the system. Just figure out who aren't and then you can inject yourself or out of state persons as standins for the real voters using fake ID:s.

reconsider your license choice?

[KingAlanI]

I don't think you want viral distribution of your penis and anything it gets involved with. ;)

We're all missing the point here...

[theshibboleth]

... where do we go to login with the posted usernames and passwords and become the next senator/governor/president of florida?

Re:Eat my GPL'd penis!

[Moryath]

DO WHAT YOU WANT CAUSE A PIRATE IS FREE Public License.

Version 1.0, November 22, 1718

TERMS AND CONDITIONS
0. Do what you want cause a pirate is free. You Are A Pirate.
1. Yarr Harr Fiddle De Dee.
2. Being a pirate is alright with me.
3...

Re:No safe votes...

[suppo]

Except that Tina Fey on Sat Night Live actually said it, not Palin.

Palin actually said that Russia can been seen from one of the islands off Alaska, which is true.

Slate even said so: http://www.slate.com/id/2200155/

Re:Eat my GPL'd penis!

[boiert]

4. Profit!

In Soviet Russia...

[evilgraham]

... tyres slash you!

Ok, no real idea why I wanted to contribute that. Must be the sheer horror of seeing "ostracised" spelled with a "z".

Re:In Soviet Russia...

[tqk]

... tyres slash you!

Ok, no real idea why I wanted to contribute that. Must be the sheer horror of seeing "ostracised" spelled with a "z".

Yet it bothers you not at all to spell tires with a "y".

(21) infidel /home/keeling_ dict ostracise
1 definition found

From The Collaborative International Dictionary of English v.0.48 [gcide]:

    ostracise \os"tra*cise\, v. t.
          Same as {ostracize}. [Chiefly Brit.]

Don't get me started on al-u-min-i-um.

Re:In Soviet Russia...

[hairyfeet]

Its aluminum ya damned Limey! I swear we bust our balls saving your pasty white asses from the rampaging Krauts and what do you do? Adopt a damned system created by cheese eating surrender monkeys! Either go back to imperial units like God and the Queen intended or the next time your balls are in a sling we might just forget which way to the UK! And learn to fricking speak AMERICAN! It is a damned cigarette not a fag, geez.

As for TFA anyone who has seen the videos of the clusterfuck that was Ohio in 2004 ought to know that you don't even have to change the vote, just disenfranchise those whose votes you don't want to count. The rich neighborhoods had an abundance of voting booths, the poor too few and half of those worked. When activists tried to peaceably hand out flyers to all those who had waited in line for hours only to be told they were in the wrong line that they could request a provisional ballot? They were run off by the cops.

So it really wouldn't take much in a close one, just a few districts in a few states making sure the group you don't want to vote is treated bad enough they won't bother. Watch those videos from Ohio at how many got disgusted and walked away, guess who they would have voted for? Not the guy that won.

Re:In Soviet Russia...

[tqk]

Its aluminum ya damned Limey! I swear we bust our balls saving your pasty white asses from the rampaging Krauts and what do you do?

I propose all /.ers post this guy's reply on their wall as an example of where the typical US-ian has sunk to.

1. I (FFS!) was the one complaining about al-u-min-i-um, idiot!

2. I'm a Canuck, and my dad was cannon fodder in the tail turret of a B-17 before either of us were born.

2a. Canucks were kicking Nazi ass long before you 'murricans' deigned to join the fray (kicking and screaming against your will, fsckin' isolationists)!

3. Reading comprehension? What's that?

4. You're an idiot!

Have a nice day (and please learn to read), idiot.

Abhaxas, Abraxas?

[Bleek+II]

Abhaxas must have taken the name from Abraxas Guardian Of The Universe. It easily ranks among some of the worst movies ever mane. But I'll let other be the judge of that. Here's part one: http://www.youtube.com/watch?v=xs6yYAMpxUs

ironic

[peektwice]

I think that there's a decent bit of irony in the fact that he "hacked" the voting database of the State of Florida, and then laments the ability of the United States Government to keep its data secure. Apparently while he may or may not be a decent cracker, he doesn't know the difference between state and federal government.

My voting machine design

[kipsate]

I would design a voting machine as follows.

Principles:

- The machine should be such that it proofs to voter that his vote has been registered correctly.
- The machine should produce a tangible ballot for each vote casted.
- It should be impossible for anyone to find out how someone voted.

The desire of up-to-the-minute results is understandable but should be secondary to the principles above. Yet, I don't think the demands are mutually exclusive.

I can imagine a design where the voter can see his ballot, for instance behind a sheet of glass. The voter votes by pressing a button which causes a physical hole to be punched in the ballot. It should be clear to the voter how he voted from the position of the hole in the ballot. Then, the ballot should be visibly dropped in a sealed box. The voter should not be able to physically access the ballot.

The ballots are machine-countable since the holes were punched in mechanically. More importantly, the ballots can also be recounted manually if required.

Re:Eat my GPL'd penis!

[Lanteran]

You have bested me sir, I tip my hat to thee. Also troll moderation for myself? Hm, interesting...

R / L confusion for Japanese speakers, not Chinese

[zooblethorpe]

Pedantic Hat on:

Though the common stereotype is for R / L confusion with speakers of Chinese, the Chinese language (Beijing dialect for sure, Cantonese most probably, others probably too) has a clear L sound and something close to an R sound, making it very unlikely that Chinese speakers would get those two mixed up when speaking English. FWIW, I've never heard a native Chinese speaker goof those up when speaking English.

Meanwhile, Japanese has no close analogs for the English L or R sounds, the closest being what's called a "flap" sound, most commonly pronounced a bit like a Spanish R that's not trilled (like the R in pero but not in perro). Some Japanese dialects pronounce this more closely to the English L (from what I've heard, old folks in the far north), but most Japanese speakers pronounce it as a flap. Most native Japanese speakers that I've heard speaking English have trouble distinguishing the English L and R sounds at some point during the learning process.

Though probably apocryphal, there's a story from the later years of the Occupation period when rumors abounded that MacArthur would run for US President. He was quite popular in Japan, and the story goes that some public pro-MacArthur demonstration unfolded a banner reading:

We Play For MacArthur's Erection

Pedantic Hat off again. Cheers,

I call bullshit

[nbauman]

it's still true that dead people do vote in Chicago.

I call bullshit. Do you have a citation?

George W. Bush really needed you when he was trying to find one.