Man-In-the-Middle Remote Attack On Diebold Voting Machines

An anonymous reader tips news of a vulnerability discovered in the Diebold Accuvote voting system, which could be used to alter voting results without leaving evidence of tampering. Quoting Salon: "[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code. ... The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. ... The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well."

Well, good thing I didn't research this area.

[MrCrassic]

(a) First post! (b) I was going to do research into voting protocols as a senior design project. I'm convinced that there is no truly, 100% secure way of implementing this, unfortunately. I wish there was, though.

Re:Well, good thing I didn't research this area.

[BenJury]

>The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. If you can do this, you're going to have no protection at all. Just like paper votes, if the people who run the voting stations are corrupt, then the system can be fiddled. This shouldn't come as a surprise.

Re:Well, good thing I didn't research this area.

[lammy]

The key point is SUPERVISION. Yes, the voting station staff might be corrupt, but if you have representatives from each of the parties with a stake in the election present during the entire voting and counting process, then sleight-of-hand becomes is much trickier. With a pencil-and-paper-based system, you need to distract a great number of people *on election day* (assuming the votes are counted immediately after polls close, as in the UK) in order to 'interfere' with the vote. With the electronic system, all you need is a moment alone with the machine, at basically any point after its manufacture, to make your modifications (whatever they may be - software/hardware - just preferably hard to trace) - and it suddenly doesn't matter how rigorous the supervision is, come election day. Human beings can't supervise at the electron level.

Re:Well, good thing I didn't research this area.

[neyla]

There is, infact, a simple, straightforward way of getting all the advantages of electronic voting, while preserving the advantages of paper-voting.

Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.

To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.

It isn't really needed to count all the votes: picking a small fraction of voting-places randomly and checking those, has a high probability of detecting systematic attempts at cheating nationwide.

Re:Well, good thing I didn't research this area.

[errandum]

Encryption and a two-factor authentication system should allow you to do this.

Re:Well, good thing I didn't research this area.

[GoodNewsJimDotCom]

EXACTLY! There *needs* to be a paper trail. This is why I voted,"Protest E-Vote" in the 2008 election. I'm a concerned citizen who protests the use of electronic voting machines irresponsibly.

Re:Well, good thing I didn't research this area.

[SwedishPenguin]

I agreed up until the last sentence... All votes should be manually counted regardless of how "close" or "non-suspicious" the results are. It's not particularly hard, we usually manage to count 100% of the votes in the precints by early morning after, and 99.9% by late night. The votes are then counted again centrally in each county to officially certify the count and the election.

Re:Well, good thing I didn't research this area.

[GoodNewsJimDotCom]

Ok, maybe I agree with you. I was just thinking there was a cost associated with counting votes by hand. In order to alleviate these costs, we could do random verification of results similar to the verification system on patched video games. I mean it'd pretty crazy hard to "hack what you can" on the machines then somehow be able to also coordinate with the verification. The only way you could do that would be an inside job... Ok, yah, count the paper trail votes by hand :)

Re:Well, good thing I didn't research this area.

[icebraining]

Encryption and authentication, performed by who? The machine? That can be broken if you have access to the machine, like in this case.

One could give personal certificates (in the form of a smart card, for example) to voters and require each vote to be signed using it, so votes would be impossible to forge, but that eliminates the anonymity of the process.

Re:Well, good thing I didn't research this area.

[ashvin213]

This can be done without the paper part of it. Every voter registers his email address with the election council. At the last step, instead of paper print, you send out an email with a secret code associated with that email. Now all news channels/NGOs/Etc conduct exit polls as before and your voter can go and enter the secret code/email address to each one of those exit polls. If all the exit polls match closely with the election results then we can assume that the voting machine is fair. Also, since the voting results are with a huge section of the society [i.e., the media], it is more difficult than paper machines to tamper the results.

Re:Well, good thing I didn't research this area.

[buchanmilne]

Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.

They showed that it is possible to control the printer as well, so then it would depend on what is printed by the printer, and whether voters would notice.

Re:Well, good thing I didn't research this area.

[kevinNCSU]

what part of 'remote control from half a mile away' does supervision deter?

The part where you have to break the seals on the machine, take it completely apart, hook up circuitry to it, close it back up, and re-seal the now broken tamper-proof tape, let the election run, break back in, break the seals on the machine again, pull your electronics back out of the machine to eliminate evidence and then reseal the machine and fix the tamper-proof seals again.

Re:Well, good thing I didn't research this area.

[thegarbz]

So why not reduce the very expensive middleman and eliminate electronic voting altogether?

e-voting was supposed to replace manual counting. If you can't do that then there's no point in spending millions on e-voting machines.

Re:Well, good thing I didn't research this area.

[Sique]

Why "representatives from each of the parties"? Why not "who wants to attend can attend"?

That's how it works for most elections anyway. If you want to watch the election, go to the voting hall and sit there. Watch the empty voting boxes being sealed. Watch the breaking fo the seal for the count. Watch the count. Watch the signing of the count sheet and the resealing of the voting boxes. Put your own seal on the boxes too, if you want. Accompagne the car transporting the voting boxes to the central voting office. etc.pp.

If enough people do this in enough voting districts, large scale fraud is nearly impossible. That's how the people of the former communist East Germany were able to prove in court the voting fraud at least in the last "election"s in 1989 - enough people were at the voting halls, watched the procedure, and took notes of the results, compared them with the official results as announced the next day and found discrepancies.

Re:Well, good thing I didn't research this area.

[spottedkangaroo]

It seems to me that if each voter had a few bits of crypto they could roll in to the vote then they could later verify that their vote was counted correctly. You could aggregate the vote up as you go, so it's not like you'd need to roll the 500 million sigs into the national vote. Verify that you were included in your district, compare the fingerprint to the one included at the national level. There's tons of details I haven't thought of, obviously, but I think this could be made to work. Most people would not check to make sure their vote was counted correctly, but many would and that would be enough.

In short: leave the trust in the hands of the people and make the vote workers simply stewards of the crypto pile.

Re:Well, good thing I didn't research this area.

[somersault]

The costs for simply counting the votes would be pretty small compared to setting up the rest of the election I'd imagine. Also, the costs (in more ways than just money) of letting crooked people get into power are massive.

Re:Well, good thing I didn't research this area.

[SwedishPenguin]

If you go in to e-voting expecting it to make elections cheaper, you're coming at it from the wrong perspective. If the goal of e-voting is not to make it more secure and accessible, then there's no point in doing it. Elections are a minimal cost in the scheme of things, and endangering their validity in order to save a few measly thousands-of-percent of the budget is insane.

Re:Well, good thing I didn't research this area.

[somersault]

That gets rid of the anonymity of voting. Some people care about that kind of thing.

(I'm indifferent - I wouldn't mind my vote being traceable back to me, but then I don't live under an especially oppressive regime, and even if I were to vote I wouldn't be voting for the BNP or anything like that)

Re:Well, good thing I didn't research this area.

[gtbritishskull]

In theory electronic voting would be more reliable and less open to interpretation than paper voting. I would be fine counting votes by hand until people were confident that the electronic voting machines were actually accurate.

Re:Well, good thing I didn't research this area.

[gtbritishskull]

If you recounted the paper votes and it was different than the electronic tally, then it would be very clear very quickly that something was wrong.

Re:Well, good thing I didn't research this area.

[elsurexiste]

To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.

Let's assume they don't match... What happens then? That's the problem with having two controls: you prefer one over the other, so you'll pay twice for the same information.

Re:Well, good thing I didn't research this area.

[John+Bresnahan]

Really dumb idea.

Not everyone has an email address. And, I'm sure that the people without email address are predominately from the lower economic stratus. So, that's one source for bias in your exit polling idea.

Also, the vast majority of people wouldn't bother registering for this exit poll, so it would take a relatively small effort to get the supporters of one side to disproportionally register, leading to an inaccurate exit poll.

Finally, anyone in a position to capture these email messages with the special code could sell them to the highest bidder.

Your idea would do nothing to make an exit poll more accurate, but it would throw valid elections into doubt.

Re:Well, good thing I didn't research this area.

[dkleinsc]

Every voter registers his email address with the election council.

There's your first problem. Not all voters have access to a computer, and many don't have an email address.

At the last step, instead of paper print, you send out an email with a secret code associated with that email.

Which, since email is plaintext, can be intercepted.

Now all news channels/NGOs/Etc conduct exit polls as before and your voter can go and enter the secret code/email address to each one of those exit polls

If a voter can demonstrate their individual vote at any location other than the polling place, then their vote can be bought or coerced. Imagine, say, an employer saying "Vote against this business tax increase if you want to keep your job."

Re:Well, good thing I didn't research this area.

[Joce640k]

So....what we need is e-counting?

See my plan a bit further up ^^

Re:Well, good thing I didn't research this area.

[JasterBobaMereel]

E-voting with a print out as the last option stops spoilt papers (well unless you are using old hanging chad machines) and can speed up counting as there are no longer any unclear choices

E-voting where everything is kept electronically is always suspect, and always open to fraud/hacking etc ...

Re:Well, good thing I didn't research this area.

[Joce640k]

Questions: How would you ensure all the emails arrive without being tampered with during transit? What about people who haven't got email? How do you know the software inside the machines is OK? Why bother with electronic exit polls, why not just ask them?

Bottom line: You can *never* do it 100% electronically. Information and software are just too easy to manipulate (and it leaves no trace).

Re:Well, good thing I didn't research this area.

[JasterBobaMereel]

Voting machines can never be trusted... unless the manufacturer and everyone who works for them, and everyone at the polling station is unbiased ... which they cannot be

A voting machine that prints out, you check and then but in a box in the old fashioned way, stops spoilt papers and unclear intentions, and is easily verified
No purely electronic voting machine can be as open and verifiable as this ...?

Re:Well, good thing I didn't research this area.

[Joce640k]

Put a sign up - "Check your card!"

Not everybody would check but it only takes a couple of observant voters to bring the whole election down. If that's your plan for winning the election then it's not a very good one...

Re:Well, good thing I didn't research this area.

[drinkypoo]

What anonymity of voting? ISTR the ballot being handed to me by someone who knew who I was.

Re:Well, good thing I didn't research this area.

[Joce640k]

Encryption and a two-factor authentication system should allow you to do this.

Sure, so long as you can trust the software inside the machines...

Re:Well, good thing I didn't research this area.

[he-sk]

The _hypothesis_ that electronic voting is somehow less open to interpretation has been thoroughly disproven by reality in the last decade. It can also be shown to be theoretically false very easily: The integrity of the manual hand count stems from the fact that any idiot^W^W the average voter can monitor the process and be reasonably sure that no tampering occurred. An electronic voting machine^W^W^W general purpose computer is completely opaque in that regard. Ken Thompson showed 25 years ago that even an expert cannot be sure that there's no tampering unless he built the entire system from scratch (including the hardware).

Re:Well, good thing I didn't research this area.

[CastrTroy]

Exactly. The cost of using paper votes and counting by hand is vastly cheaper than using machines. Even if you have to pay the people who count. Not to mention all the other problems with using machines such as machines breaking down, or not having enough machines to handle all the voters because of their high cost. In Canada, we use cardboard resting on a table as our voting booth. Elections are usually held at schools, so the tables are there and available anyway. Counting is done at each polling station, usually within a few hours after closing. Votes are counted so fast they had to create a law against reporting results in the east before the polls were closed in the west.

Re:Well, good thing I didn't research this area.

[Jazari]

There is, infact, a simple, straightforward way of getting all the advantages of electronic voting, while preserving the advantages of paper-voting.

Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.

I like this idea, but it raises a problem: what happens when, inevitably, some people say "I voted X but the paper says Y" on election day? Are election staff supposed to disable that machine? Should they ignore the fist 1% or 0.1% of complaints? Do people get to cancel their vote? Which vote will have priority, paper or electronic?

I'm partial to the system used in Canada: fill-in-the-bubble paper ballots (like multiple choice exams). This gives a clear paper trail, and can be counted by machines if you want to go faster.

Re:Well, good thing I didn't research this area.

[somersault]

Did he get to see who you voted for?

Re:Well, good thing I didn't research this area.

[cavreader]

Why don't we just throw all the candidates names into a hat and randomly draw the winners? The results can't be any worse than the current system produces and it would be a hell of a lot cheaper and faster.

Re:Well, good thing I didn't research this area.

[nedlohs]

Then you work out if its just a minor error in one, or if there's a systemic issue and you need to redo the entire election.

You also find and execute the people who tried to rig the election if it was intentional.

You don't have two controls so that you can choose one over the other. You have two controls so that if they are different you know something has screwed up. Once you know something is broken you can work out how to fix it. If you don't know in the first place it's a tad more difficult to fix.

Re:Well, good thing I didn't research this area.

[errandum]

Two factor authentication requires a code generated by a second machine (or a card, etc).

This article describes man in the middle attacks, this should never be possible to do even if you know the source code of the whole thing. Public key encryption and signing should be enough to stop any attempt like this.

He said he was trying to research voting protocols. It is possible to create a protocol that will be secure 99.999999% of the time.

PS: If you have enough access to a machine that should be guarded from any such attempt... true, you might be able to tweek the outcome of a vote, but if you want to influence something you could simply go after the weakest link in the chain: Human beings.

Re:Well, good thing I didn't research this area.

[errandum]

You could know the whole source code of the machines, if it requires someone's password and token, you'd have to have altered everything in order to get those. And the software can be signed and required to pass verification upon boot, so it's not that easy.

Either way, the question was about about protocols, and it is already possible to have 99.99999% secure connections. I'd say 100%, but you have to consider the human element and those can and will most likely fail sometime.

Re:Well, good thing I didn't research this area.

[fotbr]

Around here, yes. The poll workers try to "help" you before you drop it in the box to make sure you didn't fill it out incorrectly. If you decline to show your ballot to them, they get angry, loud, and get the sheriff's deputy (there to "maintain order") involved.

Then again, the corruption goes much deeper than just the poll workers; lockboxes go "missing" on a fairly regular basis, usually "forgotten" in the trunk of someone's car; the city and county refuse to enforce state laws concerning campaigning at polling places and using city/county/state property and resources for campaigning is a standard practice.

There is no private ballot here. There's also only a thin veneer of actual elections here covering a very ugly good-old-boy political machine.

Re:Well, good thing I didn't research this area.

[Noren]

That would greatly facilitate the process of buying votes! A great 'weakness' of the current system is anonymity of voting, which makes it difficult for the purchaser to verify that someone selling their vote has voted as requested. When a large corporation purchases someone's vote under your system, all they would need to do to verify that the voter 'stayed bought' would be to have them use a corporate email account as 'their' secret code. We could get rid of all the political advertising and simply make it possible to buy votes directly- it would be much more efficient!

Re:Well, good thing I didn't research this area.

[compro01]

I'm partial to the system used in Canada: fill-in-the-bubble paper ballots (like multiple choice exams). This gives a clear paper trail, and can be counted by machines if you want to go faster.

fill in? you draw an X in the appropriate bubble.

though our ballots would require something interesting to work with the US system of voting for president/vice-president/house/senate/state governor/state house/state senate/mayor/city counsel/district attorney/judges/police chief/dogcatcher/etc. all on the same day.

You'd need a booklet of ballots or a large sheet with multiple ballots on it or something.

Around here, we vote for 5 people (mayor, 2 aldermen, provincial Legislature, federal Parliament), and the elections typically aren't even in the same year.

Re:Well, good thing I didn't research this area.

[jeti]

No. The key point is accountability. Over in Germany, we've had reports of machines that were stored overnight at the home of a candidate. And the seals being used are the cheapest kind of paper seal, which can easily be forged and probably even re-attached.

Over in the Netherlands, there was a case were eye witnesses suspected tempering. The suspect has not been found guilty because of lack of proof.

It's hard to prove tampering without a paper trail.

Re:Well, good thing I didn't research this area.

[Nadaka]

There does not need to be nationwide systematic fraud in order to change the outcome of an election. Fraud in a few well selected states, and even a few well selected counties of those states could turn the tide.

Every vote must be counted.

Re:Well, good thing I didn't research this area.

[Nadaka]

The ability of a person to verify their specific vote after it was cast allows vote buying schemes to be confirmed, and violates election laws.

Re:Well, good thing I didn't research this area.

[phantomfive]

This is how my precinct has done it for several years. The only difference is the paper is deposited automatically for me, but I do get a chance to check and verify it. It's pretty clearly the solution we need.

Re:Well, good thing I didn't research this area.

[couchslug]

A serious effort can simply produce tape and seals, even hologram and barcode style. Election stealing is big money.

Don't have too much faith in "tape and tags".

Re:Well, good thing I didn't research this area.

[icebraining]

Have you read the second sentence in my post? The problem with PKI is that it ties each vote to a specific key, and hence voter, destroying anonymity. It's perfectly possible to have a secure system if you're willing to lose that. But is it worth it?

Re:Well, good thing I didn't research this area.

[kevinNCSU]

Agreed, hence proper and trained supervision being necessary to deter it.

Re:Well, good thing I didn't research this area.

[tlhIngan]

So why not reduce the very expensive middleman and eliminate electronic voting altogether?

Well, e-voting allows for accessibility (paper ballots are hard to use by the blind, but it's trivial for an e-voting machine to speak the choice). Sure you're allowed to bring in an assistant to help, but that can lead to vote coercion.

A printed paper ballot can also be printed in such a way that the vote is unambiguous. No "hanging chads" or such - the paper shows the vote clearly. Even if the printer runs out midway it's still readable with enough redundancy (name, party affiliation) by humans, etc.

e-voting machines can also give you a quick ballot count while the official results are manually counted, Which makes people happy.

Lots of advantages, just everyone is Doing It Wrong(tm).

Re:Well, good thing I didn't research this area.

[tlhIngan]

To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.

Let's assume they don't match... What happens then? That's the problem with having two controls: you prefer one over the other, so you'll pay twice for the same information.

Really? The printed paper would be the one that counts, because a) the voter read the ballot before they deposited it. It's also the only record anyone has of the election. The electronic tally is unverifiable.

It's just like cheques. If you write a cheque and the written amount differs from the printed one, the bank will go with the written one because it's far harder to miswrite that over the amount. E.g., "one hundred and 10 cents" vs " 101.00".

Re:Well, good thing I didn't research this area.

[drrck]

This print and verify method is deployed in my county in Ohio. Step 1 is to place your votes on all the available pages. Step 2 the machine flips to the first page and show you your vote, you are then instructed to look at the paper slip to the right to ensure that your recorded vote matches that which is printed. You do this for all pages, then your vote is "submitted".

Re:Well, good thing I didn't research this area.

[elsurexiste]

Pretty much my point...

You have a favorite, namely the printed paper. If both counts match, you go with the printed papers' number. If they don't, then you go with the printed papers' number. The only thing you have at the end is an expensive system that only gives you a measure on how humans and computers are accounting failures...

This is not a criticism against electronic vote; it's a criticism against counting twice.

Re:Well, good thing I didn't research this area.

[lgw]

Take a look at the ability of people to do the same sort of hack to slot machines on the floors of Vegas casinos, as well as older, purely mechanical voting machines. In both cases dedicated people have been able to perform the hack in about 20 seconds, which means only a very brief distraction is required. Of course, it's far easier with a voting machine where there's typically some privacy for the voter - you might noteven need a buddy to provide a distraction.

Re:Well, good thing I didn't research this area.

[i_b_don]

You forgot one crucial step. There needs to be a step where the voter views the paper receipt before it visibly falls into a box.

d

Re:Well, good thing I didn't research this area.

[spottedkangaroo]

Laws can be changed. I think the possibility of vote buying is worth it when compared to the feeling that my vote was never counted at all and no way to check it.

Re:Well, good thing I didn't research this area.

[Nadaka]

How about the possibility of vote intimidation? In the 1800's when there was verifiable vote records the threat of violence and economic sanction was used in some cases to force elections in addition to vote buying.

Re:Well, good thing I didn't research this area.

[spottedkangaroo]

There may be a way around that with the PKI aspects I was talking about. It may be possible to choose to lose verifiability if you're in an inimitable situation. I'm not saying there aren't problems with this, but they're no worse than what we have now and what we have now doesn't work at all in a digital age. May as well not bother with voting and just have some kind of realtime polls on cnn.

Re:Well, good thing I didn't research this area.

[spottedkangaroo]

I meant intimidatable, which isn't a word, so it became an incorrect word use. Please excuse me.

Re:Well, good thing I didn't research this area.

[spitzak]

I believe the GP is suggesting that the voter gets some kind of hash of his and all previous votes, which they can check later on line to see if their hash is still there. The hash cannot be used to figure out what his votes were.

I'm not really clear on exactly how of if this would work. A compromised machine could always print out a hash that matches the changed vote. Even if it works I am unsure how you can prove all the hashes without at least being able to figure out the votes that went from one hash to the next, are correct and no extras were inserted.

Re:Well, good thing I didn't research this area.

[houghi]

This could mess up the TV shows showing the numbers (and selling us soap). And nothing is more important then the speed of which results can be shown. Not even accuracy.

Re:Well, good thing I didn't research this area.

[Fjandr]

It goes way beyond "supervision." It requires heavy-duty security of a machine from the moment it is vetted as being properly functional through to the end of the counting. Round-the-clock security that can be trusted to not be compromised in some way. That last part is a big concern, because if there's something that partisans like more than the spotlight it's money. A big payoff can turn lots of people into security leaks, regardless of party affiliation.

The same cannot be said of paper ballots. Much like mail-in rebates, pulling off a few is doable. When you get into massive amounts the work and people required gets pretty extreme.

Re:Well, good thing I didn't research this area.

[Random+Destruction]

I hope you refuse their 'assistance' every time. That's fucked.

Re:Well, good thing I didn't research this area.

[Teancum]

Here is the 100% "secure" way to implement this: Make the machines print out the "ballot" in a human & machine readable format, and only count the "paper" ballots which have been verified by the voter previous to being counted.

The problem here is attempting to take shortcuts and do the counting electronically simultaneous to the act of casting the ballot. It really is two completely different issues (actually more than that) which are being dealt with here as if it was a single problem. A voter needs to be assured that the ballot they are casting is the votes they intend, those votes need to be "anonymized" in some way so the voter themselves aren't tied to the vote (aka a "secret ballot"), the "container" into which those votes have been placed must be held secure before the counting takes place, and the counting must be independently verified with multiple trustworthy "judges" to ensure that the count is accurate.

The only realistic way of performing most of this, using current technology, is with a physical device, usually a piece of paper because of cost constraints, which records that ballot and is stored in a physical box before it is counted.

I have no problem with electronic ballot preparation so far as the fact that often some voters have problems making a consistent mark, and it gets rid of some problems such as candidate order as the physical displays of viable candidates can vary for each voter.

Re:Well, good thing I didn't research this area.

[Teancum]

In a typical voting precinct... at least the ones I'm familiar with... the ability to take a machine like the Diebold machine in the video and pull it apart such as is shown in the video can only be done during the set-up and take-down of the voting machines, or as also mentioned in the video to be performed while the machines are not being watched.

Then again, even paper ballots can be compromised if you have a corrupt precinct election staff. This can range from simply replacing the votes cast to "ballot stuffing" or having dead people vote (presumably somebody casting ballots with the assistance of a judge).

Re:Well, good thing I didn't research this area.

[errandum]

you already have to use your elector card to identify yourself in most countries. That doesn't mean you can vote in whoever you want.

Re:Well, good thing I didn't research this area.

[gtbritishskull]

Which is why you should have electronic voting with a verifiable printout paper as grandparent suggested. That way the voter can verify their vote on paper, and if there is any doubt in the electronic tally, it can be verified against a handcount of the paper printouts.

Re:Well, good thing I didn't research this area.

[Teancum]

If something like that happens in a federal election (house/president/senate) in America, it would be time to call in the Feds.... who would investigate such an election in a New York minute. The trick is trying to document that kind of behavior by poll workers was really happening and getting plenty of witnesses for that kind of activity.

Yes, I know how small town politics works and how some election workers don't really take election laws seriously. Let them spend some time in a federal prison (especially the county clerk) and they'll get a new religion on the topic in a real hurry. Standing up to this kind of behavior is the real issue, where somebody has to be a real squeaky wheel... and to squeal in the right place. Of course the deputy isn't going to, I don't know, enforce the law. They aren't really trained to deal with election laws as they really don't have the authority to arrest somebody or to get involved. That is why you need to go up the food chain and be an ass about it.

If you are willing to take the step, a lawsuit can also bring about change. That route isn't easy though, even if you are right. When a judicial ruling comes down, however, people start to take cover and run for their lives... especially if laws are being broken. Messing with federal elections especially is not a good thing to try.

Re:Well, good thing I didn't research this area.

[Teancum]

This is why you need to verify what is being printed out. The voting machines I use print the physical ballot out, at least a record of who I voted for and in what office.... including "write-in" candidates and referendum issues. If the voter can't see what is being printed out, then the whole point of using the printer is useless.

Then again, most voters likely don't even look at the paper receipt, but if that receipt is different than your voting intentions I blame the voter rather than the would-be election hacker.

That doesn't stop ballot stuffing in terms of the election judges having a machine in a back room with somebody voting on behalf of dead people, but it at least would make sure your vote would be recorded and registered how you would like the votes counted and cast.

Re:Well, good thing I didn't research this area.

[fotbr]

I watched it happen in that particular town in '00, '04, and '06. I escaped that particular hellhole for a neighboring one in time for '08. But, as you say, documenting it is the hard part. Without that, no one is going to investigate anything, especially when no one will stand up for fear of retaliation from the same corrupt good-old-boy system.

As for the deputy; they have complete authority to enforce those laws, and they know exactly what they're doing when they let things slide. They're making sure THEY don't end up on the wrong side of the people with more power than they have.

Given the extent of the visible corruption -- I found it easier to leave.

Re:Well, good thing I didn't research this area.

[icebraining]

I don't see how this helps, can you give me an example of how it could be applied to the problem?

Re:Well, good thing I didn't research this area.

[icebraining]

you already have to use your elector card to identify yourself in most countries.

Yes, but that only avoids having more or less votes than voters. It doesn't prevent someone from changing votes from party A to party B, which is the problem in this case.

The analogy of the PKI solution in an analog system would be to force you to sign your name on your ballot, so that people couldn't replace it by a ballot with a different choice (since they would have to forge your signature).

That doesn't mean you can vote in whoever you want.

That was never the problem. The problem is that your votes wouldn't be anonymous.

Re:Well, good thing I didn't research this area.

[errandum]

Even today it never is 100% anonymous. And the signing doesn't have to be linked to you, it could be generated on the spot by someone, for example, on the voting tables. That key could be used for that vote and that vote alone and it would never leave the room and expire in, lets say, 1 minute.

So many ways to do this. You just need to think outside the "what's usual" box.

Re:Well, good thing I didn't research this area.

[icebraining]

Even today it never is 100% anonymous.

How so?

And the signing doesn't have to be linked to you, it could be generated on the spot by someone, for example, on the voting tables. That key could be used for that vote and that vote alone and it would never leave the room and expire in, lets say, 1 minute.

How do you prevent the machine doing the signing - which may be MITMed, like the one in the article - from replacing the value of the vote before it being signed? Remember that if you want to preserver anonymity, the person from the table doing the signing can't see the vote.

Re:Well, good thing I didn't research this area.

[errandum]

ok, I think you're trolling me, but I'm willing to give you one more chance:

1- If the table where you won't got 90% in party A then there is a 90% chance you voted A. Anonymous would be a national count with every single vote.

2- Do you know what a man in the middle attack is? It has nothing to do with the machine. I means picking up the packets half way (after they left the machine), changing them to your liking and sending them on with the value you want.

If you encrypt your communication with the key that the table gives you, or your security token (all things that can't be directed linked to you) you have a secure channel. Those tokens could be: time based (tokens), exchanged using asymmetric keys (since it would be a low number of messages, this is perfectly doable).

This is just an example. A man in the middle of either communication would not be able (with current tech) to do anything to alter the packets unless he knew the keys beforehand (and lets be honest, if he did, then it means he didn't have to go to all the trouble of intercepting anything, he'd be sending the votes himself while emulating a voting booth). And even then, there would be nothing wrong with the protocol, just the people handling sensitive information.

Re:Well, good thing I didn't research this area.

[icebraining]

If the table where you won't got 90% in party A then there is a 90% chance you voted A. Anonymous would be a national count with every single vote.

Sorry, I can't understand that first sentence.

Do you know what a man in the middle attack is? It has nothing to do with the machine.

Did you read TFA? The Man-in-the-Middle attack they describe happens in the machine. It's in the 'middle' of different components of the machine.

Effectively, the article means you can't trust the voting machines to perform the crypto. So where do you encrypt the communications?

Re:Well, good thing I didn't research this area.

[Teancum]

I have a friend of mine who is going the lawsuit route. It has caused all kinds of grief including some actions that IMHO ought to raise some eyebrows when the full facts of the case are presented before the judiciary... and I expect that it will see the state supreme court by the time it is done. Oral arguments are going to happen next month, so it will be interesting to see how it finally works out.

It will rock the state political system, if they are successful. The downside is that the potential exists that they will have to pay legal costs for the opposing counsel if they lose. I wish there was a better way to deal with this particular issue without that sort of financial disaster waiting just to have a judge review the law. This friend has asked me to join in as a plaintiff in the lawsuit.... but I'm still weighing my options on that issue.

I do understand if you want to cut and run instead. It is the easier thing to do in that situation.

Re:Well, good thing I didn't research this area.

[fotbr]

I wish you and your friend the best of luck. In my case, the repercussions weren't likely to be merely financial, but quite likely involve unpleasantness from said sheriff's dept and county judges, which also influenced my decision to get the hell out while I could.

It's a shame that it comes down to this though.

The flip side, if you could call it that, is that the system there was *really* not looking forward to electronic voting because as vulnerable as those systems are, they weren't smart enough to pull their shenanigans with that newfangled lektronik votin box. So maybe there's hope.

Or maybe they'll just pay someone smart enough. I'm sure they can find another county position for their newest friend.

Re:Well, good thing I didn't research this area.

[mpe]

A voting machine that prints out, you check and then but in a box in the old fashioned way, stops spoilt papers and unclear intentions,

Assuming that eliminating "spoilt papers" and "unclear intentions" is actually a desirable (and that great care has been taken not to eliminate uncommon, but correct, ways to vote.)
There's also the issue of complex ballots, including multiple elections on the same ballot paper. Something which appears to be common in the US, but very rare anywhere else.

Re:Well, good thing I didn't research this area.

[mpe]

I was just thinking there was a cost associated with counting votes by hand.

Probably considerably less than obtaining, maintaining and securely storing complex machines which will hardly ever actually be used.

Re:Well, good thing I didn't research this area.

[errandum]

First, I've been answering to the guy who says there is no "secure voting protocol". I just described a secure voting protocol. A Man in the Middle attack on the voting protocol I described would do nothing.

I also addressed the article when I said: "PS: If you have enough access to a machine that should be guarded from any such attempt... true, you might be able to tweek the outcome of a vote, but if you want to influence something you could simply go after the weakest link in the chain: Human beings."

You were complaining about anonymous voting. The protocol I described would allow anonymous encrypted voting (and if well applied could even be used to safeguard the machine from the attack described in the article, by encrypting the communication from the screen to the computer, if I understand correctly they gather the input and then change it).

Either way, please explain where does anonymous and the article come in contact anywhere?

Re:Well, good thing I didn't research this area.

[JasterBobaMereel]

We in the UK have multiple elections at the same time (Local, National, EU) but have a ballot paper for each, clear and not difficult to do?

Re:Well, good thing I didn't research this area.

[icebraining]

Oh, OK. So if we could trust the machine - which the article proves we can't - it would be easy to develop such protocol. That's helpful.

I also addressed the article when I said: "PS: If you have enough access to a machine that should be guarded from any such attempt... true, you might be able to tweek the outcome of a vote, but if you want to influence something you could simply go after the weakest link in the chain: Human beings."

This is just hand-waving. The fact is that the machines are an extra weak link. To have a workable protocol you need to remove trust from it, which you didn't.

Re:Well, good thing I didn't research this area.

[errandum]

The machines are not the weak link. The security surrounding the machines is. And simple procedures like an inspection to each and every machine prior to voting should be enough to foil the attack described in the article.

That's like saying that if someone leaves the the votes for something unatended and someone switches them out the weak link is the paper or the room.

No, the weak link is the person and all the procedures surrounding a vote. Do it right and it's safer than paper.

Re:Well, good thing I didn't research this area.

[SkimTony]

I definitely prefer machine-readable paper ballots. I've seen "complete the arrow" ballots (you fill in the middle of the arrow in front of the candidate you want), with multiple contests per side, that seem to work fine. Easily machine readable, and easily human readable. Sounds like the beginning a list of requirements for any modern voting system, methinks.

Vote tracking

[AK+Marc]

Even with all the massive problems, people still are pushing for electronic voting. The simplest and only sure way to fix the problems is to move back to open vote, which worked great in the past and would ensure that nobody could ever tamper with a voting machine again. Yes, I'm aware of the supposed problems that so many people bring up regarding vote tampering, but absentee voting is available everywhere now with all the same weaknesses and no problems with vote tampering.

Re:Vote tracking

Sure, and allow the kind of MASSIVE voter-intimidation of Tammaney Hall in New York City that went on in the 19th Century? Secret ballot was brought in FOR A REASON!

Go back to paper, it takes longer, but is better accountability.

Re:Vote tracking

[Gideon+Wells]

Well, the main flaw with electronic voting right now is simply that it seems rare from the press I am seeing that there are paper ballots, or receipts mind you, printed out as well. Keep in mind this might be a case of positive news of E-voting focuses on the E-part and the printers are only mentioned in the negative press attacking flaws.

Electronic voting, when the information is not tampered with, is more accurate and faster than the old paper voting. Human error can occur in counting them. See 2000 recount efforts.

The best of both worlds is an auditing system with each voting machine printing out a paper ballot that the voter can verify before turning end. Random X% precincts get hit by the auditing stick to count their votes the old fashion way to make sure they match the electronic vote counts. Perhaps fund research into an Wal-Street level algorithm that is designed to pick out precincts that vote out of proportion for their demographic makeup for that election with a certain margin of error.

Re:Vote tracking

[compro01]

See 2000 recount efforts.

See : idiotically design ballot and what I can only presume is deliberate incompetence due to the inability to create a machine to reliably punch holes in paper.

Re:Vote tracking

[AK+Marc]

There is *no* accountability in paper. See the Florida count of 2000. The margin of error was vastly greater than the margin. Open ballots worked great for the first 100 years of the USA, with the only "real" problems being around the time of a Civil War (and secret ballots didn't help, they just changed the problems to ones that are easier to ignore and pretend don't happen even with proof otherwise).

Not to mention that with absentee balloting, intimidation could be taking place right now, but it doesn't. Why not address that point? Is it because deep down, you know you are wrong?

Re:Vote tracking

[AK+Marc]

Aside from stupidity like the movie Swing Vote, what would your recount look like if you knew the name of every voter for the ballot, so if it was unreadble, you could call them up and ask them to come in and re-cast? There'd never be any errors again (assuming nobody dies between the vote and the recount). But instead, you want proven errors of a different kind, rather than an error-free method. I don't understand why people are fighting about which errors they prefer, rather than eliminating them.

Hopefully fixed quickly

[danbuter]

Now that it's been exposed, it will hopefully be fixed very quickly. Though I wonder how many other "unknown" bugs there are that will allow someone mess with votes.

Re:Hopefully fixed quickly

[Fned]

Now that it's been exposed, it will hopefully be fixed very quickly.

You must be new here.

Seriously, though, has Diebold EVER fixed a vulnerability?

Re:Hopefully fixed quickly

[riverat1]

The problems with DRE's are not fixable in any way.

Without evidence of tampering?

[martyros]

How is this "without evidence of tampering", when they have an actual circuit board ("alien electronic") inserted into the machine?

Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?

Re:Without evidence of tampering?

[lammy]

"Without evidence of tampering" obviously refers to the state of the machines if the alien circuitry is removed before inspection. The attack does not require any wires to be cut or internal components to be destroyed or removed, which would leave physical evidence. You do have a point about the screen blanking, though. Although it only blanks for a split second and I guess most users could be led to believe that this was normal behaviour. Is it suspicious enough for the regular Joe election supervisor to call off the poll and open up the machine?

Re:Without evidence of tampering?

[znerk]

If you can blank the screen, then it should be feasible to actually *change* the screen's output. This attack doesn't require any knowledge of the actual election software, but if you *did* have that knowledge, you could dummy up a screen that has the "correct" votes on it, and display that instead of the votes that are actually being recorded.

Also, the "without evidence of tampering" is referring to the lack of any evidence that the machine has been tampered with after you remove the alien hardware. Gain access to the machine weeks or months before voting opens, then simply cast your vote later in the day and remove your hardware... no evidence.

Re:Without evidence of tampering?

[znerk]

And why do they call it a "Man-In-The-Middle Remote Attack"??

"Man in the middle" refers to the fact that the alien hardware is able to intercept and modify the authorized information, between the authorized user (the voter) and the intended recipient (the cast ballot).

The "remote" portion of the descriptor refers to the fact that the "man in the middle" is using a remote control to "attack" the system; that is, the compromised unit is being controlled remotely by someone other than the person standing at the controls/interface.

Re:Without evidence of tampering?

[thegarbz]

How is this "without evidence of tampering", when they have an actual circuit board ("alien electronic") inserted into the machine?

Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?

Both of these refer to the user of the machine who's vote is being tampered with. As the case is not made of acrylic I don't know if it has a surplus circuit board installed in it by the person who was in the booth before me.

Also as someone who has never used an e-voting machine how am I supposed to know the screen isn't supposed to blank?

Re:Without evidence of tampering?

[Joce640k]

How likely is it that *no one* notices this?

If it's your first ever time using the software then *very likely* because you don't know what's 'normal'.

Duh.

Re:Without evidence of tampering?

[kelemvor4]

How is this "without evidence of tampering", when they have an actual circuit board ("alien electronic") inserted into the machine?

Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?

They discuss it at 8:35 in the video. Because there's no soldering, you can remove the board when you are done with the vote tampering and nobody would be the wiser.

Re:Without evidence of tampering?

[BradleyUffner]

"Without evidence of tampering" obviously refers to the state of the machines if the alien circuitry is removed before inspection. The attack does not require any wires to be cut or internal components to be destroyed or removed, which would leave physical evidence.

You do have a point about the screen blanking, though. Although it only blanks for a split second and I guess most users could be led to believe that this was normal behaviour. Is it suspicious enough for the regular Joe election supervisor to call off the poll and open up the machine?

Isn't there usually some sort of Tamper Seal on these things that has to be broken in order to open them up and install new parts?

Why is there no paper trail?

[GoodNewsJimDotCom]

Sure, use electronic voting tallying because we're lazy and don't want to tally paper votes anymore. But keep the paper trail for validation! What is the point of not having a paper trail for validation? You save a few trees? Look at our new government, it is sold to the highest bidder, but we'll save every last one of you a penny in taxes.

Re:Why is there no paper trail?

[kelemvor4]

Sure, use electronic voting tallying because we're lazy and don't want to tally paper votes anymore. But keep the paper trail for validation! What is the point of not having a paper trail for validation? You save a few trees? Look at our new government, it is sold to the highest bidder, but we'll save every last one of you a penny in taxes.

You may not be from the USA and therefore may not be aware of situations like the U.S. presidential election issues in 2000 ( http://en.wikipedia.org/wiki/United_States_presidential_election,_2000#Results as an example). There are massive flaws in the paper voting system as well. Electronic voting was one concept being used to try and rectify the situation and security analysis such as the one in TFA are a step in the right direction.

Paper failed miserably, electronic is the new concept; and the bugs need to be worked out of the system prior to election time.

Re:Why is there no paper trail?

[GoodNewsJimDotCom]

Maybe you misunderstand what I am saying. I am saying to use both systems. Electronic can be hacked, and this guy even proves it. There needs to be some way to validate against paper records to make sure someone isn't hacking the system.

Re:Why is there no paper trail?

[riverat1]

The "bug" is the fact that it's an electronic system. Improperly conceived paper systems can fail but the failure is usually obvious. Electronic systems can fail without it being obvious.

Re:Why is there no paper trail?

[SkimTony]

Paper didn't fail miserably - paper ballots work fantastically. Punch-cards failed miserably, which was the problem in Florida. Given that every child in this country is rigorously trained in the use of scan-tron forms (the kind where you fill in or mark the bubble for the answer you want), I think we should switch to that model. They are easily machine readable, and easily human (re-)countable. Heck, it'll give all those College Board employees something to do in the off-season.

Re:Why is there no paper trail?

[kelemvor4]

Interesting idea...

Maybe something as simple as an electronic machine that printed out a paper ballot that the voter could validate and turn in. This way you'd be sure the ballot was filled out properly and have the assurance that comes with manual paper ballots. Of course for that to work, voters would have to actually verify the paper ballot after it was printed...

Man on the inside

[jamesl]

"[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code ...

No, all they needed was access to the machine's internals, modification of it's electronics and knowledge of how to "insert a piece of 'alien electronics' into a circuit board."

Once you give someone physical control of your machine, you have given someone control of your machine.

Re:Man on the inside

[berashith]

this is true. I made a replica of a Diebold voting machine and crammed an atari 2600 into it. If anyone wanted to vote for an independent, they had to first solve jungle hunt. Totally hacked the voting process.

Re:Man on the inside

[thegarbz]

Given how last year we saw articles on how dead easy these things were to get into despite the fancy looking lock, this attack is still falls in the category of "could conceivably happen".

Re:Man on the inside

[Hentes]

True, but voters DO have physical control over the machine.

Re:The only thing worse than this..

[GoodNewsJimDotCom]

That is bad, but let us say you have a new democracy(it happens, new governments come up).
Is it possible to have a national ID and password which would let you vote on issues without the need for public elected officials?
One reason for representative government is that everyone could not vote on every single issue for the state because they could not all fit in one place and have discourse. The Internet could let everyone meet in one place. A whole new government style could be formed that has limited representative for figure head events.

I don't get why these people report the flaws

These people who find these flaws are doing it wrong. They should just hack all the machines to elect the drunk bum down the street or the crazy cat lady to office and get it all over with.

Re:I don't get why these people report the flaws

[Pieroxy]

Agreed. Take the last presidential election: If all electronic votes had come to McCain (or Obama) it would have been obvious for everyone involved that something was wrong. You have no booth where 100% of the votes goes to ONE candidate.

Re:Not very correct

[JWSmythe]

    What they're saying is that no soldering on the original hardware, nor replacement of any components is necessary. Some previous attacks required the removal of the storage media (compact flash, if I remember right).

    The unit they demonstrated simply requires unplugging two things, and putting their unit in between. After the election is complete, they'd simply need to access the units again, remove the component, and all is well.

    Most "void if broken" seals can be easily replicated. It's just a matter of getting a replacement seal in time. For the most part, people are dumb. If you do a good job of cleaning off the seal, they'd never notice it is missing.

Good thing i live in a country where...

[abridgedslashdotuser]

...voter fraud machines aren't allowed in general elections. Company's can build these shitty fraudy things, they can sell them to any foreign government and let them fraud there votes, but it is not okay to do it here(tm) and that is okay. Which is, in my opinion (hahaha), one of the best things ever! Screaming "USA USA USA" and demanding tax cuts just doesn't change anything. But having good regulations, a good supreme court and everybody paying their fair share, does. So US get your act together and ban these fraud machine crap. Whining about it bugs and flaws, thinking about asking companys to fix them, will not get you anywhere!

inserting the inexpensive electronic device

[mangu]

With a pencil-and-paper-based system, you need to distract a great number of people *on election day*

Hmmm, wrong! Your rose-tinted-glasses view of paper votes clashes with reality.

As long as you can raise doubt about the accuracy of votes you can request a recount. Good luck with keeping supervision on all ballot boxes for all time after the election until the last recount is done.

I can' t understand how slashdotters keep raising the same theoretical objections to electronic voting while they disregard the observed facts. Guys, this is religion! Slashdot dogma says electronic voting is bad, paper voting is perfect. This is stupid.

I'm all for researching possible attacks on electronic ballots, but as a means to perfect the system, not as an argument to pretend there are no possible ways to improve it. So, is there a way to insert an "inexpensive electronic device" into a ballot? Simple solution, remove all unused connectors from the circuit boards. For every vulnerability there's a solution.

Vulnerabilities in electronic votes are the equivalent of butterfly ballots and hanging chads. If only people had shown the same determination to find all possible modes of failure in the paper system used in the Florida 2000 election...

Re:inserting the inexpensive electronic device

[Sique]

I have to correct you, but actually it's possible to supervise all voting boxes until the last recount is done. If you understand any german (or the english your favourite online translator generates from german), you might have a look at Voting Fraud of Dachau to see it in action.

Re:inserting the inexpensive electronic device

[Joce640k]

This is true for all nerdy arguments - if something isn't 100% perfect then it's obviously completely useless.

Usually we ignore the real world practicalities (I believe there's an XKCD cartoon about breaking 4096 bit encryption with a $5 wrench which illustrates this point nicely).

OTOH the Diebold contract should have been cancelled a long time ago and the people forbidden from ever working in security. They're seriously incompetent.

Me? I think electronic voting is basically flawed because information can be tampered with and leave no trace. I want something physical that can be audited later.

My plan:

I'd have the machines print out little cards with a plain text version of the votes on one side and QR codes printed on the other. You can check your vote is correct, fold it in half (it's pre-scored and has glue dots) so that only the QR codes are visible then drop it in the ballot box. The votes can be counted electronically and you have something physical which can be randomly sampled and/or audited later. Best of both worlds!

Re:inserting the inexpensive electronic device

[PopeRatzo]

Vulnerabilities in electronic votes are the equivalent of butterfly ballots and hanging chads. If only people had shown the same determination to find all possible modes of failure in the paper system used in the Florida 2000 election...

No. The extreme vulnerability in electronic voting is not the equivalent of hanging chads. It's the equivalent of powerful people having access to a simple method of rigging elections, as the Supreme Court and Citizens United wasn't enough.

Re:inserting the inexpensive electronic device

[SlippyToad]

And now you just ruined it with your tinfoil hat.

Citizens' United is a real SCOTUS ruling which effectively removes any and all campaign finance reform rules and leaves US elections a massive, no-rules free for all. What part of that sold, indisputable fact do you fucking think is "tinfoil hat" worthy?

Re:inserting the inexpensive electronic device

[tbannist]

The Supreme Court did prevent a recount from occurring and thus changed the results of the Presidential Election in 2000. You may want to spend some time considering how the world might be different if instead of playing politics they had simply ruled that all ballots in Florida must be recounted as an equal protection measure. Would the war in Iraq have happened? Would the financial crash in 2008? We will never know, but the Supreme court bears partial responsibility both disasters now since they clearly chose to decide along political lines instead of legal ones and thus tampered with the will of the people.

It's never a good sign when the legal system is picking the political leaders is a supposed democracy (democratic republic for the ignorant mouth-breathing pendants).

Re:inserting the inexpensive electronic device

[Fnord666]

This is true for all nerdy arguments - if something isn't 100% perfect then it's obviously completely useless.

Of course, but then we do tend to think in binary.

Re:inserting the inexpensive electronic device

[Entrope]

The part where you totally misrepresent what the Citizens United ruling does. (It allows corporations to spend money on campaign ads, rather than requiring them to create a PAC to spend the money. It does not allow them to donate to election campaigns, it does not allow any new kinds of coordination between corporations and election campaigns, it does not change any donation limits, and it does not reduce any disclosure requirements.)

Of course, you are in good company -- the President of the United States is (or was) apparently almost as deluded as you are about what the ruling says.

Re:inserting the inexpensive electronic device

I've been a voting official; I attended the mandatory training and staffed a booth all day long for the last US presidential election.

I'm also one of the people who has totally unrestricted, totally unsupervised access to dozens of voting machines.

This has nothing to do with my status as a trained voting official; basically, I do volunteer maintenance work at local schools and Unitarian Universalist churches. Somebody has to show up at 2AM to fix busted pipes, you know - that somebody is usually me. And in order to distribute the voting machines to the polling places in time, they are generally left in locked rooms at schools and churches for several days.

I have the keys. And even if I didn't have the keys, obviously I have the skills to get into locked rooms (since I wouldn't be much of a maintenance man if I couldn't get past a door with an inoperative lock). And nobody notices or cares if I'm at the school alone for five hours late at night, because that's something I do whenever it's necessary.

My reality-based study of the subject convinces me that the current system is optimized for vote fraud. I could easily subvert a hundred machines in any election with near-zero chance of detection.

Certainly, a paper-based system could also be optimized for corruption - you're absolutely right about that! The example of hiring for-profit companies to design and build machines that record votes by inadequately punching cards is a perfect case in point.

But regardless of the efficacy of paper votes, the current generation of voting machines are fundamentally flawed and will never be capable of resisting any half-hearted attempt to subvert them. They are designed to be subverted, either intentionally or due to massive incompetence on the part of their designers.

A voting machine needs to be totally open source, and use voter-verified write-only recording media. Every voter needs to be able to look at the vote that was permanently recorded at time of voting, or the system is trivially defeated. It doesn't matter if votes are recorded on paper, chiseled in stone, or spraypainted on the wall, what matters is that audit trails are not written to trivially rewritable media (magnetic or flash, for example) and that operational hardware and software designs are available to all enfranchised citizens for examination and review.

Re:inserting the inexpensive electronic device

[Nadaka]

No. The printed computer readable code used for counting also needs to be human readable. Why? A compromised machine could print codes that do not match the human readable verification.

Print the results in a large simple font and OCR will work for any undamaged ballot.

Re:inserting the inexpensive electronic device

[Nadaka]

There isn't a problem with corporations donating to the campaign of a politician.

There is a problem with corporations being allowed UNLIMITED and ANONYMOUS donations to the campaign of a politicization.

Citizens United eliminates the transparency required in the electoral system and actively encourages bribes and votes for pay.

Re:inserting the inexpensive electronic device

[Nadaka]

Campaign Ads are where >90% of all campaign spending goes. Donating Campaign Ads is the same as donating money if the politician has the minimal base required to cover the other few percent of campaign expenses.

Re:inserting the inexpensive electronic device

[Entrope]

What is your point? That corporations that make things will now have the same flexibility to endorse candidates that unions have always had? That individuals who pool their money to advocate certain causes (which is what Citizens United was) can publish their common point of view? The rules that limit coordination between an election campaign and outside parties are still in effect, as I mentioned in my earlier post; for a corporation to pay for a campaign ad would be an illegal donation of goods and/or services to the campaign.

If you have some specific, plausible, worry then please share it. As it is, you are just reinforcing the tin-foil-hat impression.

Re:inserting the inexpensive electronic device

[Joce640k]

That would be found out in the random sampling of the ballot papers that takes place later.

Ballot papers are supposed to be secret, not something that people can read from ten yards away.

Re:inserting the inexpensive electronic device

[gumbi+west]

The size of the conspiracy needed to have a serious amount of vote selling is so large that we are completely sunk from the get go if that is a concern.

The ballot never leaves the voting area, only the vote counter gets close to it, video and other imaging technology would be needed and can be monitored.

Re:inserting the inexpensive electronic device

[gumbi+west]

At the end of the day the machine will have a count on it A: 120, B: 83. You then randomly select a small fraction of the machines and count the ballots in them. If there are discrepancies, you can project their size accurately and see if the margin of error is close to a win/loss changer.

If there are individual machine with seriously questionable results, you can again open them up and do a hand count.

The idea of the non-humanly readable format is so the vote is private. Where I used to vote, you punch holes, so a person who knows the hold orders could see my vote regardless of which side is up when I'm putting it in the machine.

Re:inserting the inexpensive electronic device

[gumbi+west]

my favorite translator wont' accept a webpage with an umlaut over a letter.

Re:inserting the inexpensive electronic device

[Nadaka]

They have this incredible new invention, it is called paper. It has two sides and is capable of a revolutionary process called folding so that marks made on the inside are invisible from the outside!

The electronic ballot prints the paper and the user can verify his vote before casting it.
The user folds the ballot and takes it to the ballot box.
The paper is fed through an optical scanner and into the ballot box.
The scanner provides the initial count, that is later confirmed by hand counts.

This addiction we have with instant results is a problem, we don't need to know the absolute results of an election before midnight. Every ballot needs to be counted. Random sampling is NOT sufficient.

Re:inserting the inexpensive electronic device

[gumbi+west]

So, is there a way to insert an "inexpensive electronic device" into a ballot? Simple solution, remove all unused connectors from the circuit boards. For every vulnerability there's a solution.

From the abstract of the video, the man in the middle is between the UI and the machine. No way to remove that vulnerability.

Here is an unremovable attacks to a purely electronic system: system programed to not count votes correctly if the date and time are right for voting based on an unsettable clock not revealed to the administrator's UI--when the battery on the clock fails, the machine reports a hardware failure that requires service form the manufacturer.

You could get around this with an open hardware and open software method, but it somehow got deep into our consciousness that profit is better than no profit when it comes to manufacturing, so that will never happen (the obstacle here is not technical, it is sociological).

Re:inserting the inexpensive electronic device

[Nadaka]

Random sampling is not sufficient. All votes must be equal. All votes must be counted.

Re:inserting the inexpensive electronic device

[hsthompson69]

I've always wondered why there isn't a hybrid system - make your electronic vote print out a receipt, validate the receipt and drop the receipt in the box. If someone manages to compromise the electronic system, you've got a paper trail backup. If someone manages to compromise the paper system, you've got the electronic one.

Isn't defense in depth the order of the day here?

Re:inserting the inexpensive electronic device

[HeckRuler]

It IS a concern. It was a problem back in the day and the hell if we're going to regress to be vulnerable to problems we've already solved.

Don't be that guy that breaks regression.

Honestly though, it's trivial to sneak in a cell phone and take a picture of your ballot. With that picture, you can show it to someone and they could pay your for your vote. Sure, it's illegal to carry a camera into the booth, but it's not a strict rule, and everyone has a cell phone with a camera. Vote buying could easily be done today. And no, it can't be monitored. Unless you want the TSA to be strip searching everyone before they go to vote, and that's just not feasible.

Re:inserting the inexpensive electronic device

[Unequivocal]

I don't fold my current voting sheet. I carry it from the booth to the reader wide out in the open where anyone can see it. If I want to stuff it in my shirt, or hold it against my chest I guess I could, but even then I have to mark both sides of the ballot so the under-the-shirt method is the only way I guess.

Anyway, this problem exists today at least in my county with regular paper ballots.

Re:inserting the inexpensive electronic device

[Unequivocal]

You're joking right? If not, the random sample is to check that all the votes that were counted by the machine are reflective of what the voters actually attempted to vote for (detecting mismatch between voter intention and what the machine is producing for counting). All votes are counted in any of these systems.

Re:inserting the inexpensive electronic device

[i_b_don]

Mod parent up.

I've always figured that the solution is exactly what you just mentioned and I get frustrated in these slashdot discussions that the answer doesn't appear this obvious to everyone.

d

Re:inserting the inexpensive electronic device

[Nadaka]

A random sample is not sufficient to eliminate the possibility of the vote counting machine having been tampered with. Particularly if it is randomly selected by a pseudo random number generator. The most that electronic counting can provide is a rapid estimation of the real vote count. All votes must be verified to prevent fraud. Democracy is far too important to take chances with.

Re:inserting the inexpensive electronic device

[Fned]

Vulnerabilities in electronic votes are the equivalent of butterfly ballots and hanging chads.

They're not in any fuckin' ballpark. They're not even the same fuckin' sport.

Re:inserting the inexpensive electronic device

[Unequivocal]

All votes today are not hand counted visually by a human (at least in California where I'm from), so I'm not sure what you're talking about, or rather I think this train has already left the station. Today, I physically mark a paper ballot, but the count is done by an optical scanner. Detection of fraud in that scanner can be done by random sampling, but I don't know for sure when or how this is actually done in CA.

I do know that random sampling as a practice can detect significant deviations in voter intention and recorded counts, and is used widely in ensuring fair voting in many countries around the world.

I agree with your sentiment that we shouldn't fool around with this system like we do with health records, banking or other so called "critical" services. This one critical service is far far more vulnerable and important than all the others..

Re:inserting the inexpensive electronic device

[Nadaka]

The scanner can be compromised. If each and every vote is not counted and verified by independent observers to match the electronic data, then your elections in California are flawed and unverifiable

You don't need significant deviations in voter intention and recorded counts to fraudulently change the results of an election.

Re:inserting the inexpensive electronic device

[Nadaka]

this "problem" is solved by having the back of the ballot be blank.

Re:inserting the inexpensive electronic device

[PopeRatzo]

The part where you totally misrepresent what the Citizens United ruling does. (It allows corporations to spend money on campaign ads, rather than requiring them to create a PAC to spend the money. It does not allow them to donate to election campaigns, it does not allow any new kinds of coordination between corporations and election campaigns, it does not change any donation limits, and it does not reduce any disclosure requirements.)

You left out the most important part of the Citizens United decision: that it establishes for the first time the "personhood" of corporations, giving them a set of guaranteed rights that they never had before. Creating an entirely new class of "person" is a big deal. Creating an entirely new class of "person" for the destructive golem that is the transnational corporation is perverse.

The Founders would shit themselves if they knew what a handful of corrupt judges has done with the Citizens United ruling.

Re:inserting the inexpensive electronic device

[Entrope]

Exactly what planet are you from? Corporate personhood is a long-established doctrine. Citizens United only recognizes that people who organize as a corporation can exercise their First Amendment rights through that corporation.

Re:inserting the inexpensive electronic device

[Medievalist]

My reality-based study of the subject convinces me that the current system is optimized for vote fraud. I could easily subvert a hundred machines in any election with near-zero chance of detection.

Yeah, but, see, "That's not the way the world really works anymore. We're an empire now, and when we act, we create our own reality. And while you're studying that reality - judiciously, as you will - we'll act again, creating other new realities, which you can study too, and that's how things will sort out. We're history's actors... and you, all of you, will be left to just study what we do."

(For those unfamiliar with it, that's a quote from an unnamed member of faith-based President George W. Bush's 2004 re-election campaign - see here: http://en.wikipedia.org/wiki/Reality_based )

Once you leave the reality-based community, you'll find that you can make all the voting machines unhackable by simply believing it is so!.

Re:inserting the inexpensive electronic device

[Fjandr]

In a national election, vote coercion and vote selling is not a concern that should be given a second thought by anyone who is arguing a) rationally and b) without some ulterior motive.

To do it on any sort of scale would almost guarantee the person or organization behind it would be caught. On a minor scale, it's a problem that the fix would be worse than the number of cases it occurs in. Nobody has ever described to me a non-abusive system that could not be compromised on a small scale or a rational system that could be compromised on a large scale.

Re:inserting the inexpensive electronic device

[Fjandr]

It was a problem back in the day because large organizations could control polling places through violence.

It is not a concern now, and if it becomes one again we'll be having armed insurrection.

Re:inserting the inexpensive electronic device

[PopeRatzo]

Citizens United only recognizes that people who organize as a corporation can exercise their First Amendment rights through that corporation.

Unh-uh. Those "people who organize as a corporation" already have all those rights as individuals. So what's the need for corporate rights?

The "personhood" of corporations was only for purposes of entering into contracts, being sued and owning property. Before Citizens United, there was never a doctrine of corporations having the same unabridged rights of a person under the 14th Amendment.

Do you believe a corporation should have the right to vote? Run for office? Be subject to criminal law? If not, why not? Why should they be allowed to participate in elections as sponsors if they cannot in any other way? If you're going to consider them as "persons" why do you draw such arbitrary lines?

Oh, and opposition to the Citizens United ruling in the US runs around 80% of the population, FYI (see American Constitution Society). Not that it matters, of course, but it's worth noting. Even in the Tea Party there is 73% opposition and they're wholly funded by corporations.

Re:inserting the inexpensive electronic device

[Entrope]

Corporate rights are necessary for a lot of practical niceties. For example, without corporate rights, there is little basis to prosecute someone who walks out of a chain restaurant without paying.

After Citizens United, there is no doctrine that corporations have "the same unabridged rights of a person under the 14th Amendment". Corporations are already subject to criminal law. They cannot vote because of the principle "one [person], one vote". They cannot run for office because they could not effectively hold office -- corporations are steered the people who own them, and those people can change.

Did you have any more stupid questions?

Re:inserting the inexpensive electronic device

[PopeRatzo]

Corporations are already subject to criminal law.

Oh? How do they put a corporation in jail?

They cannot vote because of the principle "one [person], one vote".

So then you admit that they are not "a person". OK, we're making progress.

They cannot run for office because they could not effectively hold office -- corporations are steered the people who own them, and those people can change.

And those people already have unabridged rights. So people who are in corporations should have double the rights of an individual?

Re:inserting the inexpensive electronic device

[gumbi+west]

The fact that you don't understand how a system works doesn't mean that it is broken.

If the random number generator is at all competent, It would be really difficult to come up with fraud that could both change the election results and not be detected. If the results are close, I'd say count them all, it is what we do now and I see no reason not to. But most of the time you just need to verify that the machine did fine.

Re:inserting the inexpensive electronic device

[gumbi+west]

I vote with a pencil. Given your scheme, I could sell my vote and still vote my preference.

I see no reason not to make the system use pencils and allow the person to submit a hand penciled in ballot.

Re:inserting the inexpensive electronic device

[Entrope]

You asked about criminal liability, not going to jail. Obviously we cannot put a corporation in jail, but ask Arthur Andersen LLP if a corporation that is found guilty of criminal conduct gets off the hook easily (even if that verdict is later overturned).

A corporation is obviously not a person in the most common sense, but a corporation does have legal personhood. If you think a word -- whether "person" or most others -- has exactly the same meaning in all situations, you should probably pay more attention to how people, and the law, use language. (For example, according to a judge defending the PPACA from a facial challenge, a penalty assessed by the IRS is a tax for the purposes of the Anti-Injunction Act but is not a tax for the purposes of the Capitation Clause.) If you prefer, generalize "one man, one vote" as "one individual, one vote".

What do you think is special about the term "unabridged rights" that makes you keep using that phrase? Why do you think that corporate rights are somehow additions to the rights of the individuals who own or fund the corporation?

Re:inserting the inexpensive electronic device

[Medievalist]

It is not a concern now, and if it becomes one again we'll be having armed insurrection.

I doubt it. Most people don't even bother to vote. They aren't going to get off the sofa and arm themselves to defend something they don't care about.

Your "armed insurrection" would most likely consist of you and five of your buddies being gunned down by the local police forces. You'd have to come up with something far more creative than that, or you'd just be this week's "domestic terrorist" on the evening news.

Not meaning any insult to your patriotism or desire to preserve voting rights, just pointing out that you are an easily suppressed minority as soon as you resort to violence.

Re:inserting the inexpensive electronic device

[Fjandr]

I was referring to when armed mobs of people controlled polling places, which was the original reference. Something that's very not likely to happen again in the near future.

If that happens again, you can bet it'll be more than a handful of people.

Re:inserting the inexpensive electronic device

[Fjandr]

And no, I wouldn't be in a situation to be gunned down by the police. I am far more creative than that. :)

Re:inserting the inexpensive electronic device

[PopeRatzo]

but ask Arthur Andersen LLP if a corporation that is found guilty of criminal conduct gets off the hook easily

Are you suggesting that in the past 25 years the only companies that were guilty of criminal activity were Arthur Anderson and Enron?

If BP had been a "person" they'd be serving time for manslaughter.

Why do you think that corporate rights are somehow additions to the rights of the individuals who own or fund the corporation?

Because if the individual people who own or fund the corporation already have their individual rights, why should they have additional rights as a corporation? What need for "corporate rights" when all individuals have their own civil rights?

Re:inserting the inexpensive electronic device

[Entrope]

I never suggested that Arthur Andersen and Enron were the only criminal corporations. I have no idea where you got that idea -- I just picked one notable example of a case where a corporation was found guilty under the criminal code, and that conviction had very serious consequences for it. You were the one who asked if criminal law should apply to corporations (apparently when under the delusion that it does not).

You totally missed the point of my last question. I believe that the rights of a corporation do not add to the rights of the individuals who make up the corporation. They are a way to recognize that those rights still exist, even though the corporation (rather than the people) owns some assets on behalf of those individuals. In the Citizens United case, the Supreme Court said that people do have a right to pool their money and effectively speak to the public, and that forming a corporation to do so (for example, so that the normal rules for corporate governance apply) does not reduce or remove that right. You seem to think that the ruling somehow recognizes certain rights twice as much when corporations are involved.

Re:inserting the inexpensive electronic device

[Ocker3]

Not a bad idea actually

Re:inserting the inexpensive electronic device

[Ocker3]

How do you verify the vote-selling without direct access to the physical card, which should now be in the hands of independant and trustworthy vote-counters?

Re:inserting the inexpensive electronic device

[Ocker3]

Except the recounts of the counties in question actually went the other way...

Re:inserting the inexpensive electronic device

[PopeRatzo]

I never suggested that Arthur Andersen and Enron were the only criminal corporations.

How many more can you think of off the top of your head.

Think of the last 30 years. Now realize that you can only think of 2 criminal corporations that were actually punished.

Maybe you can come up with 3 or 4 or 5. In a quarter-century. Now are you starting to see my point? If corporations are "persons" then they are persons who are allowed to break the law with impunity. And do you want someone who breaks the law with impunity being able to buy elections?

Regarding a solution: what's wrong with publicly financed elections? The technology exists to get a message out without spending billions on TV commercials. The technology exists to create a level playing field. Why should money be the mechanism by which elections are won? Is that really a smart way to have elections? Wouldn't it be better for all of us if we took the money out of elections? Maybe we wouldn't have perpetual campaigns. Maybe there would be a possibility of people actually governing. Maybe we wouldn't see such a perversion of the media. We wouldn't see entities with lots of money being the only ones who get to participate in setting the public agenda.

I assume you believe that money = speech. Forget about the fact that this was not the Founders' intention. They were eloquent and logical men. If they wanted corporations to have personhood, they would have put it in the Constitution. One sentence. If they wanted money to equal speech, they could have added that, too. Just a few words. They don't mention free markets, they don't mention capitalism either (and it had been a concept with which the founders were familiar), but that's another discussion. Do you really want to codify the notion that people without money are not allowed to participate in public life? Do you really want a handful of corporations to have the loudest voices? The greatest influence? Does that sound like something Jefferson and Franklin and Madison would have wanted?

Re:inserting the inexpensive electronic device

[Entrope]

I generally do not pay attention to criminal convictions because they are not relevant to me. That is true whether the convict is a corporation or an individual; if we count as percentages of their respective (not-necessarily-convicted) populations, I can probably name more convicted corporations than I could convicted individuals. Your reasoning is as weak as your knowledge.

Re:inserting the inexpensive electronic device

[PopeRatzo]

I can probably name more convicted corporations than I could convicted individuals.

Seriously, you can only think of two people who have been famously convicted of a crime? Last 25 years? Let's see...Bernie Madoff, the last two governors of Illinois (Blagojevich and Ryan), Scooter Libby, Michael Vick, Tim McVeigh, the Unibomber, Lyndsay Lohan...

How many corporate convictions can you think of? I'm not just talking about civil fines. I'm talking about criminal convictions.

Go ahead. Name a few. Criminal convictions, not civil, like Microsoft's big fine.

Re:inserting the inexpensive electronic device

[Dr_Terminus]

I don't understand why voting has to be so difficult. The French system seems to be pretty secure: http://en.wikipedia.org/wiki/Elections_in_France#Voting_procedures

To summarize: When you enter the voting center, you get an envelope, and papers with the names of candidates on them. You go in the private voting booth, and for each race, you put the paper corresponding to the candidate you want in the envelope. You then seal the envelope, exit the voting booth and drop the envelope in a clear plastic box. Thats it. Then the votes are tallied by counting the number of papers for each candidate. Its low-tech, sure, but I would think it would be difficult to hack.

Re:inserting the inexpensive electronic device

[ResidentSourcerer]

Politicians buy your votes with promises.

Vote buying is a separate issue. The issue here is vote tampering. I vote for A but the system records me as voting for B or not voting.

The QR codes are a good idea. Take it further:

You get a number when you go to the poll. The number is on your ballot.

The number is used as a salt for a hash function. The number plus the candidate you vote for is hashed, and the result converted to a QR code. Since voting takes seconds anyway, it can be an expensive hash function.

NOW having a picture of the QR code doesn't show how you voted.

Meanwhile, every poll has a web page that lists the numbers of the ballots cast at that poll. Clicking on a number tells you what vote was recorded for that number. This allows statistical sampling of the vote.

Part of the system gives you a token with your ballot number on it. This allows you to check that your ballot was recorded correctly.

Your Vote Matters!

[arisvega]

See? It really does!

Now go vote!

Remotely! Here is your remote!

Re:Not very correct

[Tar-Alcarin]

Alternative attack vector: In a constituency wherein a majority statistically favors your opposition, just use a pen or whatever, to damage the "void if broken" seals. Presto; you've now cast doubt on the integrity of the votes in that ballot.

it's a sales pitch

[roman_mir]

these guys are selling something, they are selling a 'way to protect against this type of physical attack' against voting machines.

They are correct, this is a possible vector of attack. They are still trying to sell something.

Eff E-Vote, early voting is the way

[AwesomeMcgee]

Why do people want e-voting machines? Automatic counting is quicker and less costly than paying all the ballot counters. However, early voting is allowed like the entire month of november by mail-in, and because the job doesn't need to be done all in one day you pay less ballot counters and save money. We should do away with election day, make it election month, and get rid of these stupid electronic voting systems. Don't even need to use the postal service to have that interference, just setup some secure ballot boxes around town that the counters will collect and count daily. Hell put the counters in them, just use them armored money trucks. They already have the 24/7 satelite linked cameras in them to have remote eyes ensuring the counters aren't screwing with votes.

Whew

[sgt+scrub]

"Often the polling places are in elementary schools or a church basement or some place that doesn't really have a great deal of security."

At least they are not in the hands of someone with a political agenda.

Re:Not very correct

[Joce640k]

Physical seals are worthless against well-funded enemies.

Re:The only thing worse than this..

[Hentes]

I thought about this a lot and I don't think it's possible to create an Internet voting system that is comfortable, secure and anonymous. The biggest problem is vote selling, but there are a lot of others as well. For example, at some point you have to register yourself physically, wich would mean that you have to show up in an office anyway. Also, you can't just use your ID to vote because of privacy issues. But if you want the system to be secure you will need a unique code that only you know. But what about the person who gives you the code? There are many similar problems and while I hope there is a system that can solve all at the same time I am sceptical.

Die Bold...

[MindPrison]

It died boldly just like yesterdays votes.

Tamper Proof?

[Coreigh]

I saw this discussion on another site and someone asked 'Why can they make rock solid tamper proof slot machines but not voting machines?' I realize they are not the same animal but the concepts of security and tampering must be very similar.

Re:Tamper Proof?

[dltaylor]

Because the people making the gambling machines want them secure FROM cheaters, while the people making the voting machines want them secure FOR cheaters (cough cough GWB cough).

Re:Tamper Proof?

[InsertCleverUsername]

Exactly. Somehow we can make ATMs, electronic slot machines, and all kinds of online transactions secure, but can't secure a vote? Sounds like a lack of will at best, a nefarious plan to make U.S. democracy more of a farce that it already is at worst.

Re:Tamper Proof?

[riverat1]

The fundamental difference between voting and those other transactions is that voting is a secret transaction where you can't be able to connect a particular vote to a particular voter. Those other things don't require that level of secrecy.

Re:Tamper Proof?

[InsertCleverUsername]

The fundamental difference between voting and those other transactions is that voting is a secret transaction where you can't be able to connect a particular vote to a particular voter. Those other things don't require that level of secrecy.

Identity and encryption really don't need to be related. TOR doesn't know who you are, but the packets get there nonetheless. Give a voter an encoded receipt and they can punch/scan in a code from any web browser to see what votes were made for the unique, randomized code they received. Anonymous and verifiable.

Re:Tamper Proof?

[riverat1]

If you can prove how you voted then you can be pressured to prove it by a third party. Since you can prove how you voted it would be possible to sell your vote to the highest bidder.

I've been in computers for over 25 years (Sys & DB admin on VMS & Solaris mostly). The only way I would fully trust the software that was on a voting machine is if I personally vetted, compiled and loaded the software (including the OS). Even then you have to deal with the BIOS and other embedded software. Electronic voting is a solution looking for a problem. Fortunately in my state we have vote-by-mail so almost all ballots are on paper. There are a few DRE's at county elections offices for the sake of handicapped people who require them because of ADA. The ballots still get counted on ScanTron's which I wish they would audit a bit more but recounts of close elections almost never change the results.

Re:Tamper Proof?

[InsertCleverUsername]

If you can prove how you voted then you can be pressured to prove it by a third party. Since you can prove how you voted it would be possible to sell your vote to the highest bidder.

Hmmm... I see your point. But, then again, the GOP has been buying votes by bribing people with their own money (lower taxes) for years now.

Re:Tamper Proof?

[riverat1]

I see your point as well, but at least it's out in the open.

Concerned.

[fferret]

I'm an election judge, and I forwarded this to my county Board of Elections, with a note recommending we need to conduct a machine inspection, along with a review of how the machines are physically secured. Once the machines are fielded to the polls, usually days before the election, we need to find a way to seal them at the poll until they are used. On the subject of DRE versus other methods of vote registration/counting, I agree that DRE is still an inherently un-secure technology, but my county/state made a massive investment, and cannot afford to replace them. The best thing we can do as poll workers is to take whatever steps needed to reassure the voting public their vote is accurately recorded and secure from tampering at the poll. We have no control beyond that.

Re:Wow one of the worst Slashdot things ever

[fferret]

The point is not that Diebold sold the division making the Accuvote TS. The point is that thousands of these are deployed and in use, and therefore the vulnerability is real and has an impact on the 2012 elections. Comment fail.

Re:The only thing worse than this..

[Martz]

*whoosh*

I wonder why I don't care...

[JustAnotherIdiot]

...Oh that's right, because popular vote doesn't matter.
See: 2000 election.

Re:Banal solutions..

[fferret]

You've missed the point. Secret ballots protect each voter from reprisal for their vote. Given the heated political environment these days, I'm pretty certain that if your suggestion were followed, there would be post-election reprisals, ranging from discrimination to criminal acts.

Re:Not very correct

[bittmann]

Most "void if broken" seals can be easily replicated. It's just a matter of getting a replacement seal in time. For the most part, people are dumb. If you do a good job of cleaning off the seal, they'd never notice it is missing.

I'll go you one further--I seriously doubt that "void if broken" seals would even be honored! If they were, any griefer with an axe to grind could quietly slice a "void if broken" seal and arguably void (nullify) any votes cast on that box up until the point that broken seal is noticed -- possibly all day. Unless (of course) the seals are visually checked in between each voter, right? So next time you go to the polls, watch how the lines move, and see if you think everything is visually inspected and verified between each voter.

And if this sort of vandalism did happen, what would you bet that the votes up till then wouldn't be nullified regardless of the state of the tamper seals? What makes you think that this sort of thing hasn't already happened? In past election, seals have been found missing/cut on machines, it's been reported, and it's been ignored and the votes counted regardless, e.g. as reported here. Nice.

No budget?

[Fuzzums]

Well. If you have no budget for a 15 minute home video, you're on a REALLY tight budget...

Paper is NOT the answer

[davide+marney]

I am a poll worker in Virginia. If you haven't tried to run an election, you're probably thinking that paper is the obvious answer. Just count the votes! How hard can it be?

Paper is a horrible medium for counting things. Paper gets lost. It gets defaced. It can become illegible ("hanging" chads anyone?). It can be crumpled, torn, shredded, soaked, burned, stuffed, and stuck to other pieces of paper. Bottom line, voters prefer electronic voting equipment because it is easier and simpler to use. (See this study from Rice University.) Poll workers prefer electronic voting because it much more reliable, and far easier to manage effectively.

There's a reason banks don't use paper receipts and hand-written ledger books anymore. Those same reasons apply to running elections. Automation is great.

The MITM attack scenario outlined in the parent article requires that someone gain physical access to the voting machine not once but twice -- both before and after the election. That's a very high hurdle! Our voting machines are under lock and key. The cases are sealed. We check the serial numbers and write them down. We open and close the cases in the open. The courts keep a record of the serial numbers.

If your scenario is that I have to collude with an entire staff of volunteer poll workers, or I have to corrupt an entire office of election, or I have to corrupt the local Court, then getting into the machines is the least of your worries. Granted, physical security is important, and that's why we have procedures such as serialized seals.

Re:Paper is NOT the answer

[Doc+Ruby]

Because voters and poll workers are too lazy and stupid to either use paper trails or demand vendors make them easy to use, they're better?

The use cases for bank records are completely different than for voting machines. Bank records mostly have to be re-read and updated fairly frequently (or even several times a day) for nearly every American throughout the year, while votes are counted once or twice per person - and only at most 1/3 of Americans. Failure of bank archives can be insured, but failure of votes creates irreparable harm.

There are many documented cases of voters being defrauded by interfering with voting systems that could have been prevented by paper trails. Further, "the consent of the governed" is the main value of voting, and non-paper systems have earned the deep distrust of many eligible voters, and earned the consequent deep distrust of the government and its elected officials.

Nothing to see here...

[Jawnn]

...Move along now. Government will still go the highest bidder, but we've "build jobs" by creating a new industry (crooked voting machines). Now shut up and go back to your bread and circuses.

Why is Diebold still in business after...

[GPS+Pilot]

...this incident?

Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines.

http://it.slashdot.org/story/07/01/25/217240/diebold-security-foiled-again

Bush/Cheney Stole the 2000 Election

[Doc+Ruby]

It should be obvious to anyone who isn't retarded or totally corrupt that Bush/Cheney stole the 2000 election, including using these rigged voting machines. And the country has gone straight to hell since. Cheered along by the retarded and totally corrupt.

There is a simple way around this

[lsatenstein]

There are paper labels that act as physical seals. The labels are pasted across the panels used to access the electronics. In addition, there would be a panel access detection fuseable signal.
Verify the machine is clean, paste the seal across the potential opening, and voila. Also, if the cover is opened, a fuseable link can be made to blow on the next application of power.

The only thing the video points out is the need for some extra protection to avoid penetration into the electronics of the machine. This could also be done with special cover fasteners, and more.

Re:Crazy Talk!

[Pence128]

Possible? Yes. That cheap? Sure. An eighth grader building it? Yeah, with practice, or if he's already soldered together a "My first blinkenlights" kit. With no knowledge of the microprocessor? How would you know? You didn't even look.

I'll give you an analogy of how it works. Say you're screwing around with $CALCULATOR_PROGRAM. You click on all the right buttons, but right before you click equals, I unplug your mouse, plug in my own, click clear all and enter whatever I want. For bonus points, I unplug your monitor too so you can't see what I'm doing. Also, I'm a cheap microcontroller, so I can do all that in a fraction of a second. I don't need to know if you're using a PC, Mac or a Commodore 64.

There is no money in voting...

[No,+I+am+Spratacus!]

Relevant: http://www.danielyerelian.com/blog/wp-content/uploads/2010/10/wzjsh.gif

There is a secure way.

[funky_vibes]

Let's say you have a public table of voter-id -> vote.
Each person can look up their own voter-id from a government controlled list to ensure privacy.

1. Person merges their vote entry into the data
2. At the very end of the voting period the table is stored on a public website, for easy bit by bit comparison by anyone.
3. Each person checks that their own entry exists and hasn't been modified.
4. Everyone can now count the votes and will get the same results, any discrepancies means the ballot box data has been altered.

This scheme has the following benefits:

* Your own vote can be verified to exist

* You can verify it hasn't been altered

* The amount of voters can be publicly verified

* Your vote is still secret from the public thanks to the government lookup-list.

If it needs to be hidden from the government too, there are various ways of accomplishing that as well such as:

* 3rd parties without government ties
* An onion net of 3rd parties
* possibly something using cryptographical hashes based on social-security numbers

Re:There is a secure way.

[funky_vibes]

Come on.. I wrote this up here so someone could find a flaw in my reasoning.
Since this solution is so obvious it should have been tried already.

Anyone?