What happened was, California SecState Shelley de-certified ALL touchscreen machines around April 29th 2004. He's allowing most to be used so long as certain measures are taken, most of which improve security at least a little, and one says that voters must be given a paper option at the polling place.
If that paper option isn't present, the touchscreen machine is ILLEGAL TO OPERATE.
Again: this is a California only thing. Unfortunately.
Oh, and the latest generation Diebold touchscreen (the TSx) was flat banned.
Well between recent events in Nevada and California's new VVPAT bill signed by Ahnuld and effective 1/1/06, the VVPAT issue is basically won. Even nationwide. There'll be some drama and screaming left but it's really just "mopping up operations".
So I see nothing unreasonable in pushing on past that point.
Tell me about it. When I had a couple, I was still here in California:).
I must have told about a dozen different cops in San Francisco that Felix the little albino fert was a rat:). Cops don't seem to study much biology...
I'd have fun with everybody else though.
One time I'm standing at a streetcorner waiting for the light to change, Felix poking his nose out of my jacket, and this guy next to me says "cool rat!".
"Yeah, he's a nice rat, but I got him from some kids that abused him. It was horrible."
"Really?"
"Yeah, they built a rack in their basement and stretched him!"
"What? No, nobody stretched your rat!"
"Yup - see, check it out!" as I pull his foot-plus-long skinny bod out inch by inch as the dude completely freaked out...:)
"Absolutely standard PC" means a normal PentiumIII-on-up PC that you can get a nice stable Linux build for.
---------------
First thing: you'd be surprised at how many failed candidates don't do as much challenge as they're legally entitled to. Why? Because manual recounts across an entire county (or legislative district) cost money...and sometimes they've flat run out.
ONLY a failed candidate is allowed to contest an election - according to the courts, they're the only one with "standing". Put another way, vote fraud allegedly doesn't hurt the general public, only the losers. Which is crazy, but that's how the courts are ruling!
----------------
You're also presuming a LOT about the accuracy of polls. Just for starters, in 1996 a poll of print and broadcast journalists shows 86% in favor of Clinton and I think the imbalance is overall even worse today.
The sole national exit polling system we had (VNS paid for by multiple media outlets in a sort of "cartel") came completely unglued in 2000 and went out of business - and nothing has replaced it since.
Sorry dude, I want honest open-source software AND a VVPAT.
And two more things on top of those:
c) A commitment to public records/open meeting honesty on the parts of county election officials, which is a whole 'nuther issue entirely.
d) AUDIT TRAILS! Dammit, banks have known how to keep a record of every time money changes hands since the days of the Hudson Bay Company, Lloyds of London and similar 300+ years ago. Christ, longer than that, Jewish bankers in Europe figured this out 1,000+ years ago. CPAs today have published, standard ways of dealing with this. When VOTES change hands from the field to the central tabulator area to the central database and then to a manual recount, there are well-understood procedures to cope with the handoffs. We're not using them. Why not, we've got over 1,000 years of R&D on the subject.
Count votes like it's money because ultimately it IS!
Skinnykitties are already hypoallergenic. They use litterboxes like a cat, wrassle and play more like a small dog, affectionate like a puppy, eat cat food...
And your nose realizes they're distantly related to skunks:).
I had weinercats for years. Godawful cute little guys.
Upshot: Diebold rigged the central tabulator to evade "spot checking" (such as the mandatory 1% manual recount in California). Only a 100% manual recount tells the whole story.
That only happens if the race is a nailbiter.
Rig the race so it's NOT a nailbiter...and...sigh. The "paper trail" might as well come in rolls and get used as asswipe for all the good it'll do.
This doesn't mean I'm against the paper trails! On the contrary, it's critical.
But so is honest software.
The Open Voting Consortium has put some thought into this issue. By running on absolutely standard PCs as the "terminal" and sourcing those on the local market, BIOS hacking would be more difficult on a broad scale and could in theory be checked for.
First step, along with the source code, the vendor has to provide the OS and compiler specs (type, revision, etc) used to create the executables.
They also specify a hash or at a minimum, a CRC of the executables.
We can do our own compiles and confirm the accuracy of the hash/CRC. We then write a script that will go out and check over the voting system executable files. That goes onto a floppy and gets run against the in-the-field executables.
Complicated? Hell yes. But much of the work on the scripts could be done by the Federal Election Commission or other national body, who makes them available for download on their site. County elections officials take those script packages off the FEC site and put them on floppies or CDs. People who want to do an on-site code check run THOSE scripts on those media, so that no possible virus/worm/trojan/malware gets introduced. These volunteer checkers then get to take home the floppy or CD and check it against the FEC-published standard.
Upshot: reliable in-field code base checking without any possible malware introduction during said checking.
Jim March Member, Board of Directors, Black Box Voting (www.blackboxvoting.org)
Diebold's "paper trail" is an end-of-day record on a long thin "cash
register strip" showing how many votes each machine took in for each
candidate and issue.
Problem 1: it's glitchier than a Microsoft Windows early beta.
I've talked to Alameda and San Diego County pollworkers who tried to
collect these at the end of the day, only to find that in some cases
nothing printed and in others the printout didn't agree with the
on-screen end-of-day tallies! And that was different machines in
a single polling location.
Problem 2: this printout isn't done as the votes happen, but rather as
a single end-of-day "run" under polling place supervisor control.
If the machine crashes at any time during the day (which happens often
enough), that'll cause the tallies between the memory card "electronic
ballot box" (PCMCIA) and printout to vary.
Problem 3: this printout isn't open to public scrutiny. I've seen
Public Records Act/FOIA type queries for copies fought by county
elections officials across the nation, probably because photocopying a
12ft strip of 3" paper is a bitch:).
As to code scrutiny by independent labs:
The Federal Election Commission approves testing labs for reviewing
voting machine code and products. They're the only ones allowed
to see the source code on this stuff. The two biggest are Wyle
Lab's elections operation in Huntsville, AL and "Ciber Inc" (formerly
Metamore) also in Huntsville.
First, all of the voting machines in current use are certified by these
labs to standards written by the FEC in 1990. You heard that
right. There's also a 2000 standard by the FEC but since all of
our electronic voting machines were built prior to 2000, they can be
re-certified under the 1990 standards "forever", until the vendors
announce significant enough upgrades/revamps to trigger the Y2000
review process. Which NONE have seen fit to do so far.
It gets worse.
We have 13,000 leaked Diebold memos floating around that document,
among other things, Diebold lying to the testing labs. In one
case, huge amounts of customized code used in WinCE was declared to be
"Commercial Off The Shelf" ("COTS") and not subject to source code
review.
The exact phrasing of these internal memos and a security analysis of
their implications can be found at:
Diebold Corp. in Ohio bought Global Election Systems in 2002 (Canadian
company) and renamed it Diebold Election Systems. Global's first
voting products were written on Unix boxes, where they wrote their own
"Accubasic" compiler for some core vote-tally processes. When
porting to Windows, they went to great lengths to get Accubasic working
on the new platform. OK, query me this: if I'm writing the
compiler and I'm publishing source code for scrutiny that's run through
that compiler, how in the hell is the source code reviewer supposed to
know what's REALLY going on!?
Ahh, but this presumes "bad intent" on Global's part, which normally
isn't something you presume. Except that Global was founded in
1988 by three guys name of Norton Cooper, Charles Hong Lee and Michael
K. Graye, all three of whom have prior felony convictions in the US
and/or Canada for stock fraud, investment scams and the like. By
2000, Global hired a guy name of Jeffrey Dean as lead programmer on the
central vote-tally product (GEMS, "Global Election Management
Software", still part of the Diebold product line). Dean was a
charming chap - convicted of 23 counts of computer-aided embezzlement
from a Seattle law firm in what a court called a "sophisticated
computer-aided accounting fraud". He was literally recruited
while still in prison by another Global employee also doing time.
See also this document for more details on these clowns:
...were tested in "test mode" versus "election mode".
Yes, I'm serious. There's a software setting on the touchscreen
to do one or the other.
But that's OK, 'cuz the software in there is "certified" and subjected
to code analysis by a test lab, right?
Oooops. Diebold withheld thousands of lines of custom code in the
voting terminals from review by declaring it "Commercial Off The Shelf"
(COTS) software. Under FEC rules, "COTS" doesn't need serious
scrutiny...but Windows CE at the terminal is NOT "COTS" despite
Diebold's assertions otherwise - WinCE is a "software kit" that needs
to be "finished" (mostly core drivers like video, etc) by the hardware
manufacturer.
Diebold.
So hide a couple hundred lines of code somewhere that checks for the
"election mode" versus "test mode" flag...
For more on this WinCE issue including Diebold internal EMails
discussing it:
The same thing happened during the Riverside County (Calif) L&A testing: the Sequoia software that does the central tally blew up.
I don't know if the central "server" hardware is provided by Sequoia or not, but the central Windows vote-tally application that runs on it sure as hell does. In the eyewitness reports I've read from Riverside, it was the app that crashed four times but Windows itself didn't blow up...so the county claimed it "didn't crash".
...in California and what I was always told was that if they're registering as something other than Republican, we don't take the form - but we DO give it to 'em either blank or filled out there by them, and show them how to fold it and mail it.
That way we can't be accused of anything like this.
Now granted, something less than 100% will drop the thing in a mailbox, even though it's postage paid by the California Secretary of State. But that ain't our fault.
(I'm a Libertarian-leaning Republican, member of the Republican Liberty Caucus.)
Neal: is there a conspiracy against strong crypto?
on
Ask Neal Stephenson
·
· Score: 2, Interesting
As you're well aware, the most "dangerous" aspect of strong crypto isn't it's use at the hands of Osama Yo Mama and company, it's in the ability to do private unregulated and international wire transfers that could cripple the US income tax system.
The question is, how far will the US Gov't go to cripple crypto, and what are they doing now?
Item: we know Microsoft got off way light at the hands of the US-DOJ. Is that because the gov't wants to encourage and popularize the sort of pathetic security Windows is famous for? Was there a quid pro quo between M$ and the NSA involving Windows backdoors?
Item: voting machines. The top four vendors of electronic voting systems (ES&S, Diebold, Sequoia, Hart Intercivic) all run Windows as components and they all...well, suck. We know more about Diebold because we actually have the code available for download and test (google my name "Jim March" and "Diebold") due to an idiotic open FTP site on their part. The point here is that even in this app that screams "security!", piss-poor or completely missing crypto was tolerated and even promoted.
We could go on for days.
Thoughts?
(And a followup: given that Cryptonomicon brought this issue to public view more than any other document in history in my opinion, have you been pressured officially as a result? I consider it one of the two most "wonderfully subversive" novels written lately; the author of the other (John Ross of "Unintended Consequences") has indeed been harassed (by the BATF).)
Late 1980s they worked out a way to allow people to have professionally made audio tapes made up out of whatever single tracks they wanted from a large catalog. It involved a CD jukebox with compression that allowed cutting audio tapes at 8x or so - a 60 minute tape would run out in 10 minutes or less and all the gear to do this was at the record shop.
Detailed auditing tracked per-song revenue and royalties.
The music business deliberately killed this off in order to max out full album sales.
Re: Crossballs: remember how there was that "gun nut" that got all upset?
Yeah, that would be me:). And yes, I'm the same guy suing Diebold so hey, I ain't JUST a gun nut:).
Anyways. They never ran my episode:). Swear to God - they pulled it at the last second. My lawyer's two letters about how they didn't have permission appear to have sunk in.
[/blows rassberries towards NYC and the Viacom corporate office:ON]
http://www.blackboxvoting.org/?q=node/view/938&PHP SESSID=d9a9956c80c5aacf55c9a6b7faea173d
Bev Harris reports that somebody in Snohomish County, WA used fake technician's credentials to get polling place access on the day of the primaries (9/14/04). Election workers report that it's "Democrats" doing it - we don't know (yet) how that determination was made...bumper sticker maybe? They got a car license plate number...
Bev is filing a public records request to try and get details on that case.
If it IS the same bunch and we can cross-link the Snohomish investigation to this one, we may be able to catch whodunit.
First, the SecState's office is NOT involved in the false claims case. At all.
The Attorney General *is* involved, but he didn't file it. He finally decided to join in the case, after about 10 freakin' months, 8 of which holding it "sealed" via repeated court-ordered extensions of the seal which started out as only 90 days.
The "seal" allows the gov't to decide whether or not the false claims act charges are valid without undue political pressure.
Sigh.
Whatever. Lockyer DID finally make the right decision and for that I gotta give him credit.
But the reason I know all this? *I* filed it - in November of '03, along with Bev Harris and our attorney Lowell Finley.
------------
As to Shelley de-certifying some Diebold gear: yes, he got rid of the latest touchscreen model used in four counties (the TSx). He did that because during a series of hearings in April, Diebold lied like a pack of rugs about a variety of issues, and had been caught installing uncertified (read: not code-reviewed like it's supposed to be!) software in ALL 17 of the their customer counties in California as of Nov. '03.
BUT Shelley left Diebold operating in the state, and using the earlier TS touchscreen in Alameda and Plumas counties. The TSx is just a case mod on the TS; it's smaller and lighter, but has the same firmware and software.
The April '04 hearings never got into the worst stuff, such as:
http://www.equalccw.com/deandemo.html
Do a news-google on my name ("Jim March") and Diebold if you want to see my involvement.
1% on the required manual recounts isn't enough. What you do then is, you hack only a few precincts.
We've also seen cases where the precincts chosen (in order to get 1% of the total) are NOT chosen randomly by the county elections officials, when the law says it should be. In one case, this was because absentee recounts (on paper) were "harder to do" than meaningless "electronic recounts" on touchscreen machines - so they picked precincts with few absentee voters...as in a handful each tops. Eeeeediots.
You wouldn't *believe* some of the cluelessness going on at the county level. Ham-fisted newbie idiots with "oooooh, shiny new computers!!!".
Gawd.
Like I said: the bill is an improvement, but it is NOT enough.
In one sense, you're absolutely right - without honest software TOO, this alone ain't enough.
That's why we also need open source software running on either standard hardware, or publish the firmware source too.
That's next year's project:). And one we'll have to fight Bill Gates on tooth and nail - there was a Calif bill this year that was just a "non-binding resolution" asking the California Secretary of State to at least start thinking about open source. THAT was fought bitterly by M$, and it was just advisory.
--------------
That aside, good paper trails will at least help. Esp. if SB1376 also passes.
1376 (on Arnold's desk) gives the California SecState the right to review the source code to this stuff (or farm the analysis out to the lab of his choice).
We also have manual recounts that can happen any of three ways - see my long message at the top level. The idea is, if the manual recounts show something different than the electronic count, the SecState's office can launch an investigation and figure out WTF. If it turns out the difference is due to a "cheat code" (take every 10th vote for bigwig1 and give it to bigwig2 or whatever) somebody gets visited by dudes with guns, handcuffs and bad attitudes.
That's the theory anyways.
STILL ain't as good as open source, but we're at least moving in the right direction. Which, given that this is the %$#^$%&^% *government* we're talking about, is a welcome change indeed.
Hmmmm...right. Come to think, this varies by California county - some use a "check in" system where they write your name in, others to the "cross 'em off" thing like you mention.
"Cross 'em off from the book" may be LESS secure in some ways, as it's easy for a cheater back at the county elections HQ to cross more names off.
It won't matter soon - most counties are moving towards an "electronic pollbook" and that's yet ANOTHER possible security disaster that needs watching. At a minimum, softwhere in there could record the vote order which could be cross-reffed against the wrong sort of paper handler in the voting booth - one with a take-up reel.
The really, really scary part....
on
Upgrade Your Dog
·
· Score: 1
...is the suspicion that any number of gifted dogs could do a better job as director than half the moviemakers in Hollywood today.
1) If somebody doesn't vote for any candidate in a given race, it's easy for somebody at elections HQ to fill in a dot and "choose for them". This was documented in Napa County Calif in the last election via forensic ink analysis in at least 38 cases for a close local race.
2) There's no independent election monitors making sure people aren't pressured at home or work or whatever to "vote properly" as happened in San Francisco when a city work manager herded his dozen or so employees through the absentee process, looking over their shoulder as they filled out the ballot. Polling places prevent this crap.
Yes, you can see the paper and confirm every vote. Most proposals put it "behind a sheet of glass" so you can't lay mitts on it and walk away with it, but that's OK as the voting machine has a "wait, hold it, I did NOT vote for THAT asshole!" button allowing you to restart (and that piece of paper is cancelled).
Other lower-cost alternatives involve a large sheet of paper people are less likely to walk away with; they'll stuff the sheets in a ballot box. Problem is, some people WILL be dumb and carry the paper off, meaning their vote can't be hand-counted and they can prove how they voted (selling their vote, etc).
"Behind glass" is preferable.
One thing though: the printer has to have an automated "cutter" or otherwise drop individual sheets to the bottom of the bucket rather than use a take-up reel on a paper spool. A take-up reel gives you the vote order; cross-ref against the sign-in list and you can strip the privacy of who voted for what.
Before going into the effects, let's talk about how recounts work:
There is already a California law mandating a 1% random "spot check" manual recount post-election. So that's one way.
Two, elections officials can do more recounting at their own discretion if they "smell a rat". It's not very common.
Three, the loser of a race can ask for a manual recount. If they STILL lose, they pay the cost of the recount.
There are reform proposals out there to increase the amount of post-election recount to somewhere between 3% and 5% and second, rather than random recounts, let party officials or candidates each offer "recount THESE precincts!" suggestions. They're more likely to know "where the bodies might be buried" if there's been cheating.
-------------
The voter can't be allowed to prove later how they voted. That'll lead to threats if they "don't vote right" from union bosses, corporate bosses or whatever, or vote selling. Most proposals call for printing "under glass" so you can see the paper, you can hit a "cancel button" if it's not right, or you can approve it.
------------
Existing law says that the "will of the voter" is what really matters, and must be what post-election recounts are looking for. Therefore, while this bill (SB1438) doesn't specifically say that the paper trail is the "final ballot of record", that IS how they'll be treated if there's a discrepancy between the paper record and the electronic record.
------------
What this REALLY produces is a "voter verified paper trail" (VVPT). The bill uses the term "voter verified paper audit trail", but then *defines* that term explicitly:
"19251(c) "Voter verified paper audit trail" means a component of a direct recording electronic voting system that prints a contemporaneous paper record copy of each electronic ballot and allows each voter to confirm his or her selections before the voter casts his or her ballot."
It works as written, but we dodged a bullet here.
"Voter verified paper audit trail" is a term used by proponents of a "crypto audit trail" that does NOT allow the voter to confirm each individual selection at the polling place. Votehere and others have been promoting these "all crypto solutions" where the voter gets a "number" and can then confirm that their vote was recorded, but not what they voted for. Votehere is saying that the "background crypto" would form "proof" that the vote was recorded properly, and Diebold has been quietly promoting this as an alternative to a true VVPT.
Crypto is fine, but only if the basic code around it is "known honest". Diebold for one is doing "known DIShonest" code.
So thank the diety of your choice that the phrase "allows each voter to confirm his or her selections" is present in SB1438. We can do crypto ON TOP of a VVPT system but under SB1438, NOT in place of a VVPT.
Jim March Member, Board of Directors, Black Box Voting (www.blackboxvoting.org)
The complete bill text is available at:
http://leginfo.ca.gov/pub/bill/sen/sb_1401-1450/sb _1438_bill_20040827_enrolled.html
Before going into the effects, let's talk about how recounts work:
There is already a California law mandating a 1% random "spot check" manual recount post-election. So that's one way.
Two, elections officials can do more recounting at their own discretion if they "smell a rat". It's not very common.
Three, the loser of a race can ask for a manual recount. If they STILL lose, they pay the cost of the recount.
There are reform proposals out there to increase the amount of post-election recount to somewhere between 3% and 5% and second, rather than random recounts, let party officials or candidates each offer "recount THESE precincts!" suggestions. They're more likely to know "where the bodies might be buried" if there's been cheating.
-------------
The voter can't be allowed to prove later how they voted. That'll lead to threats if they "don't vote right" from union bosses, corporate bosses or whatever, or vote selling. Most proposals call for printing "under glass" so you can see the paper, you can hit a "cancel button" if it's not right, or you can approve it.
------------
Existing law says that the "will of the voter" is what really matters, and must be what post-election recounts are looking for. Therefore, while this bill (SB1438) doesn't specifically say that the paper trail is the "final ballot of record", that IS how they'll be treated if there's a discrepancy between the paper record and the electronic record.
------------
What this REALLY produces is a "voter verified paper trail" (VVPT). The bill uses the term "voter verified paper audit trail", but then *defines* that term explicitly:
"19251(c) "Voter verified paper audit trail" means a component of a direct recording electronic voting system that prints a contemporaneous paper record copy of each electronic ballot and allows each voter to confirm his or her selections before the voter casts his or her ballot."
It works as written, but we dodged a bullet here.
"Voter verified paper audit trail" is a term used by proponents of a "crypto audit trail" that does NOT allow the voter to confirm each individual selection at the polling place. Votehere and others have been promoting these "all crypto solutions" where the voter gets a "number" and can then confirm that their vote was recorded, but not what they voted for. Votehere is saying that the "background crypto" would form "proof" that the vote was recorded properly, and Diebold has been quietly promoting this as an alternative to a true VVPT.
Crypto is fine, but only if the basic code around it is "known honest". Diebold for one is doing "known DIShonest" code.
So thank the diety of your choice that the phrase "allows each voter to confirm his or her selections" is present in SB1438. We can do crypto ON TOP of a VVPT system but under SB1438, NOT in place of a VVPT.
Jim March
Member, Board of Directors, Black Box Voting (www.blackboxvoting.org)
San Francisco recently had a scandal in which city employees were herded through the absentee voting system and browbeaten by supervisors who watched over their shoulder to make sure they "voted properly".
To solve this problem and numerous others, the idea of private voting at local polling places where this sort of thing can be monitored developed. When done right, polling-place voting leads to the LOWEST level of overall fraud.
Right now, Black Box Voting and other advocacy/reform groups are talking about using absentee voting to create a paper trail when polling places lack them. BUT we know about this issue! Our stance is a condemnation of the worst of the elecronic voting systems, NOT a condemnation of polling place voting.
Internet voting is worse than absentee, for several reasons:
1) A small script could record exactly how you voted, allowing you to sell your vote. Concerns over mechanical voting systems in New York and other urban areas led to an experiment with "paper reciepts" about 70 - 80 years ago and it turned into a vote-buying bonanza for crooked unions. (That's why Voter Verified Paper Trail plans today involve leaving the paper in a secure ballot box at the polling place.)
2) There's still a sizeable non-Internet-connected population out there, esp. at retirement homes and blue-collar unions. "Free Internet Voting Terminals!" at union halls and nursing homes would be a hotbed of "browbeat fraud" similar to the San Francisco case above...in the case of unions, people who didn't vote at the union hall (where the networked PCs are monitored with a remote view application) would be exposed to considerable pressure for not voting "the right way".
-----------
Note that these issues are present EVEN IF THE SYSTEM IS TECHNOLOGICALLY PERFECT(!), written in Open Source with strong crypto by/.ers.
Upshot: Internet Voting cannot be made to work right, due to "human hacking" even if "computer hacking" is somehow made impossible (which is pretty damn doubtful).
Jim March Member, Board of Directors, Black Box Voting (www.blackboxvoting.org)
Slashdot Mirror
What happened was, California SecState Shelley de-certified ALL touchscreen machines around April 29th 2004. He's allowing most to be used so long as certain measures are taken, most of which improve security at least a little, and one says that voters must be given a paper option at the polling place. If that paper option isn't present, the touchscreen machine is ILLEGAL TO OPERATE. Again: this is a California only thing. Unfortunately. Oh, and the latest generation Diebold touchscreen (the TSx) was flat banned.
Well between recent events in Nevada and California's new VVPAT bill signed by Ahnuld and effective 1/1/06, the VVPAT issue is basically won. Even nationwide. There'll be some drama and screaming left but it's really just "mopping up operations".
So I see nothing unreasonable in pushing on past that point.
Tell me about it. When I had a couple, I was still here in California :).
:). Cops don't seem to study much biology...
I must have told about a dozen different cops in San Francisco that Felix the little albino fert was a rat
I'd have fun with everybody else though.
One time I'm standing at a streetcorner waiting for the light to change, Felix poking his nose out of my jacket, and this guy next to me says "cool rat!".
"Yeah, he's a nice rat, but I got him from some kids that abused him. It was horrible."
"Really?"
"Yeah, they built a rack in their basement and stretched him!"
"What? No, nobody stretched your rat!"
"Yup - see, check it out!" as I pull his foot-plus-long skinny bod out inch by inch as the dude completely freaked out...:)
"Absolutely standard PC" means a normal PentiumIII-on-up PC that you can get a nice stable Linux build for.
---------------
First thing: you'd be surprised at how many failed candidates don't do as much challenge as they're legally entitled to. Why? Because manual recounts across an entire county (or legislative district) cost money...and sometimes they've flat run out.
ONLY a failed candidate is allowed to contest an election - according to the courts, they're the only one with "standing". Put another way, vote fraud allegedly doesn't hurt the general public, only the losers. Which is crazy, but that's how the courts are ruling!
----------------
You're also presuming a LOT about the accuracy of polls. Just for starters, in 1996 a poll of print and broadcast journalists shows 86% in favor of Clinton and I think the imbalance is overall even worse today.
The sole national exit polling system we had (VNS paid for by multiple media outlets in a sort of "cartel") came completely unglued in 2000 and went out of business - and nothing has replaced it since.
Sorry dude, I want honest open-source software AND a VVPAT.
And two more things on top of those:
c) A commitment to public records/open meeting honesty on the parts of county election officials, which is a whole 'nuther issue entirely.
d) AUDIT TRAILS! Dammit, banks have known how to keep a record of every time money changes hands since the days of the Hudson Bay Company, Lloyds of London and similar 300+ years ago. Christ, longer than that, Jewish bankers in Europe figured this out 1,000+ years ago. CPAs today have published, standard ways of dealing with this. When VOTES change hands from the field to the central tabulator area to the central database and then to a manual recount, there are well-understood procedures to cope with the handoffs. We're not using them. Why not, we've got over 1,000 years of R&D on the subject.
Count votes like it's money because ultimately it IS!
:)
:).
Skinnykitties are already hypoallergenic. They use litterboxes like a cat, wrassle and play more like a small dog, affectionate like a puppy, eat cat food...
And your nose realizes they're distantly related to skunks
I had weinercats for years. Godawful cute little guys.
THIS is why VVPAT alone isn't enough:
http://www.equalccw.com/deandemo.html
Upshot: Diebold rigged the central tabulator to evade "spot checking" (such as the mandatory 1% manual recount in California). Only a 100% manual recount tells the whole story.
That only happens if the race is a nailbiter.
Rig the race so it's NOT a nailbiter...and...sigh. The "paper trail" might as well come in rolls and get used as asswipe for all the good it'll do.
This doesn't mean I'm against the paper trails! On the contrary, it's critical.
But so is honest software.
The Open Voting Consortium has put some thought into this issue. By running on absolutely standard PCs as the "terminal" and sourcing those on the local market, BIOS hacking would be more difficult on a broad scale and could in theory be checked for.
First step, along with the source code, the vendor has to provide the OS and compiler specs (type, revision, etc) used to create the executables.
They also specify a hash or at a minimum, a CRC of the executables.
We can do our own compiles and confirm the accuracy of the hash/CRC. We then write a script that will go out and check over the voting system executable files. That goes onto a floppy and gets run against the in-the-field executables.
Complicated? Hell yes. But much of the work on the scripts could be done by the Federal Election Commission or other national body, who makes them available for download on their site. County elections officials take those script packages off the FEC site and put them on floppies or CDs. People who want to do an on-site code check run THOSE scripts on those media, so that no possible virus/worm/trojan/malware gets introduced. These volunteer checkers then get to take home the floppy or CD and check it against the FEC-published standard.
Upshot: reliable in-field code base checking without any possible malware introduction during said checking.
Jim March
Member, Board of Directors, Black Box Voting (www.blackboxvoting.org)
Diebold's "paper trail" is an end-of-day record on a long thin "cash register strip" showing how many votes each machine took in for each candidate and issue.
:).
...and:
Problem 1: it's glitchier than a Microsoft Windows early beta. I've talked to Alameda and San Diego County pollworkers who tried to collect these at the end of the day, only to find that in some cases nothing printed and in others the printout didn't agree with the on-screen end-of-day tallies! And that was different machines in a single polling location.
Problem 2: this printout isn't done as the votes happen, but rather as a single end-of-day "run" under polling place supervisor control. If the machine crashes at any time during the day (which happens often enough), that'll cause the tallies between the memory card "electronic ballot box" (PCMCIA) and printout to vary.
Problem 3: this printout isn't open to public scrutiny. I've seen Public Records Act/FOIA type queries for copies fought by county elections officials across the nation, probably because photocopying a 12ft strip of 3" paper is a bitch
As to code scrutiny by independent labs:
The Federal Election Commission approves testing labs for reviewing voting machine code and products. They're the only ones allowed to see the source code on this stuff. The two biggest are Wyle Lab's elections operation in Huntsville, AL and "Ciber Inc" (formerly Metamore) also in Huntsville.
First, all of the voting machines in current use are certified by these labs to standards written by the FEC in 1990. You heard that right. There's also a 2000 standard by the FEC but since all of our electronic voting machines were built prior to 2000, they can be re-certified under the 1990 standards "forever", until the vendors announce significant enough upgrades/revamps to trigger the Y2000 review process. Which NONE have seen fit to do so far.
It gets worse.
We have 13,000 leaked Diebold memos floating around that document, among other things, Diebold lying to the testing labs. In one case, huge amounts of customized code used in WinCE was declared to be "Commercial Off The Shelf" ("COTS") and not subject to source code review.
The exact phrasing of these internal memos and a security analysis of their implications can be found at:
http://www.equalccw.com/sscomment.html
http://www.equalccw.com/sscomments2.html
Ain't puked quite yet?
Diebold Corp. in Ohio bought Global Election Systems in 2002 (Canadian company) and renamed it Diebold Election Systems. Global's first voting products were written on Unix boxes, where they wrote their own "Accubasic" compiler for some core vote-tally processes. When porting to Windows, they went to great lengths to get Accubasic working on the new platform. OK, query me this: if I'm writing the compiler and I'm publishing source code for scrutiny that's run through that compiler, how in the hell is the source code reviewer supposed to know what's REALLY going on!?
Ahh, but this presumes "bad intent" on Global's part, which normally isn't something you presume. Except that Global was founded in 1988 by three guys name of Norton Cooper, Charles Hong Lee and Michael K. Graye, all three of whom have prior felony convictions in the US and/or Canada for stock fraud, investment scams and the like. By 2000, Global hired a guy name of Jeffrey Dean as lead programmer on the central vote-tally product (GEMS, "Global Election Management Software", still part of the Diebold product line). Dean was a charming chap - convicted of 23 counts of computer-aided embezzlement from a Seattle law firm in what a court called a "sophisticated computer-aided accounting fraud". He was literally recruited while still in prison by another Global employee also doing time. See also this document for more details on these clowns:
Yes, I'm serious. There's a software setting on the touchscreen to do one or the other.
But that's OK, 'cuz the software in there is "certified" and subjected to code analysis by a test lab, right?
Oooops. Diebold withheld thousands of lines of custom code in the voting terminals from review by declaring it "Commercial Off The Shelf" (COTS) software. Under FEC rules, "COTS" doesn't need serious scrutiny...but Windows CE at the terminal is NOT "COTS" despite Diebold's assertions otherwise - WinCE is a "software kit" that needs to be "finished" (mostly core drivers like video, etc) by the hardware manufacturer.
Diebold.
So hide a couple hundred lines of code somewhere that checks for the "election mode" versus "test mode" flag...
For more on this WinCE issue including Diebold internal EMails discussing it:
http://www.equalccw.com/sscomments2.html
That's not even getting into how screwed up the central tabulator software is:
http://www.equalccw.com/deandemo.html
Ain't no WAY you can trust a Diebold system. Period.
Jim March
Member, Board of Directors, www.blackboxvoting.org
The same thing happened during the Riverside County (Calif) L&A testing: the Sequoia software that does the central tally blew up.
I don't know if the central "server" hardware is provided by Sequoia or not, but the central Windows vote-tally application that runs on it sure as hell does. In the eyewitness reports I've read from Riverside, it was the app that crashed four times but Windows itself didn't blow up...so the county claimed it "didn't crash".
Horsecrap.
...in California and what I was always told was that if they're registering as something other than Republican, we don't take the form - but we DO give it to 'em either blank or filled out there by them, and show them how to fold it and mail it.
That way we can't be accused of anything like this.
Now granted, something less than 100% will drop the thing in a mailbox, even though it's postage paid by the California Secretary of State. But that ain't our fault.
(I'm a Libertarian-leaning Republican, member of the Republican Liberty Caucus.)
As you're well aware, the most "dangerous" aspect of strong crypto isn't it's use at the hands of Osama Yo Mama and company, it's in the ability to do private unregulated and international wire transfers that could cripple the US income tax system.
The question is, how far will the US Gov't go to cripple crypto, and what are they doing now?
Item: we know Microsoft got off way light at the hands of the US-DOJ. Is that because the gov't wants to encourage and popularize the sort of pathetic security Windows is famous for? Was there a quid pro quo between M$ and the NSA involving Windows backdoors?
Item: voting machines. The top four vendors of electronic voting systems (ES&S, Diebold, Sequoia, Hart Intercivic) all run Windows as components and they all...well, suck. We know more about Diebold because we actually have the code available for download and test (google my name "Jim March" and "Diebold") due to an idiotic open FTP site on their part. The point here is that even in this app that screams "security!", piss-poor or completely missing crypto was tolerated and even promoted.
We could go on for days.
Thoughts?
(And a followup: given that Cryptonomicon brought this issue to public view more than any other document in history in my opinion, have you been pressured officially as a result? I consider it one of the two most "wonderfully subversive" novels written lately; the author of the other (John Ross of "Unintended Consequences") has indeed been harassed (by the BATF).)
I used to work for Personics.
n et .music.idg/
Late 1980s they worked out a way to allow people to have professionally made audio tapes made up out of whatever single tracks they wanted from a large catalog. It involved a CD jukebox with compression that allowed cutting audio tapes at 8x or so - a 60 minute tape would run out in 10 minutes or less and all the gear to do this was at the record shop.
Detailed auditing tracked per-song revenue and royalties.
The music business deliberately killed this off in order to max out full album sales.
http://www.cnn.com/TECH/computing/9805/26/inter
http://www.betagroupllc.com/1st-personics.html
In this and a ton of other ways, they crippled innovation.
They're now paying the price.
Re: Crossballs: remember how there was that "gun nut" that got all upset?
:). And yes, I'm the same guy suing Diebold so hey, I ain't JUST a gun nut :).
:). Swear to God - they pulled it at the last second. My lawyer's two letters about how they didn't have permission appear to have sunk in.
Yeah, that would be me
Anyways. They never ran my episode
[/blows rassberries towards NYC and the Viacom corporate office:ON]
http://www.blackboxvoting.org/?q=node/view/938&PHP SESSID=d9a9956c80c5aacf55c9a6b7faea173d
Bev Harris reports that somebody in Snohomish County, WA used fake technician's credentials to get polling place access on the day of the primaries (9/14/04). Election workers report that it's "Democrats" doing it - we don't know (yet) how that determination was made...bumper sticker maybe? They got a car license plate number...
Bev is filing a public records request to try and get details on that case.
If it IS the same bunch and we can cross-link the Snohomish investigation to this one, we may be able to catch whodunit.
First, the SecState's office is NOT involved in the false claims case. At all.
The Attorney General *is* involved, but he didn't file it. He finally decided to join in the case, after about 10 freakin' months, 8 of which holding it "sealed" via repeated court-ordered extensions of the seal which started out as only 90 days.
The "seal" allows the gov't to decide whether or not the false claims act charges are valid without undue political pressure.
Sigh.
Whatever. Lockyer DID finally make the right decision and for that I gotta give him credit.
But the reason I know all this? *I* filed it - in November of '03, along with Bev Harris and our attorney Lowell Finley.
------------
As to Shelley de-certifying some Diebold gear: yes, he got rid of the latest touchscreen model used in four counties (the TSx). He did that because during a series of hearings in April, Diebold lied like a pack of rugs about a variety of issues, and had been caught installing uncertified (read: not code-reviewed like it's supposed to be!) software in ALL 17 of the their customer counties in California as of Nov. '03.
BUT Shelley left Diebold operating in the state, and using the earlier TS touchscreen in Alameda and Plumas counties. The TSx is just a case mod on the TS; it's smaller and lighter, but has the same firmware and software.
The April '04 hearings never got into the worst stuff, such as:
http://www.equalccw.com/deandemo.html
Do a news-google on my name ("Jim March") and Diebold if you want to see my involvement.
1% on the required manual recounts isn't enough. What you do then is, you hack only a few precincts.
We've also seen cases where the precincts chosen (in order to get 1% of the total) are NOT chosen randomly by the county elections officials, when the law says it should be. In one case, this was because absentee recounts (on paper) were "harder to do" than meaningless "electronic recounts" on touchscreen machines - so they picked precincts with few absentee voters...as in a handful each tops. Eeeeediots.
You wouldn't *believe* some of the cluelessness going on at the county level. Ham-fisted newbie idiots with "oooooh, shiny new computers!!!".
Gawd.
Like I said: the bill is an improvement, but it is NOT enough.
Open Freakin' Source!
In one sense, you're absolutely right - without honest software TOO, this alone ain't enough.
:). And one we'll have to fight Bill Gates on tooth and nail - there was a Calif bill this year that was just a "non-binding resolution" asking the California Secretary of State to at least start thinking about open source. THAT was fought bitterly by M$, and it was just advisory.
That's why we also need open source software running on either standard hardware, or publish the firmware source too.
That's next year's project
--------------
That aside, good paper trails will at least help. Esp. if SB1376 also passes.
1376 (on Arnold's desk) gives the California SecState the right to review the source code to this stuff (or farm the analysis out to the lab of his choice).
We also have manual recounts that can happen any of three ways - see my long message at the top level. The idea is, if the manual recounts show something different than the electronic count, the SecState's office can launch an investigation and figure out WTF. If it turns out the difference is due to a "cheat code" (take every 10th vote for bigwig1 and give it to bigwig2 or whatever) somebody gets visited by dudes with guns, handcuffs and bad attitudes.
That's the theory anyways.
STILL ain't as good as open source, but we're at least moving in the right direction. Which, given that this is the %$#^$%&^% *government* we're talking about, is a welcome change indeed.
Hmmmm...right. Come to think, this varies by California county - some use a "check in" system where they write your name in, others to the "cross 'em off" thing like you mention.
"Cross 'em off from the book" may be LESS secure in some ways, as it's easy for a cheater back at the county elections HQ to cross more names off.
It won't matter soon - most counties are moving towards an "electronic pollbook" and that's yet ANOTHER possible security disaster that needs watching. At a minimum, softwhere in there could record the vote order which could be cross-reffed against the wrong sort of paper handler in the voting booth - one with a take-up reel.
...is the suspicion that any number of gifted dogs could do a better job as director than half the moviemakers in Hollywood today.
Yes...BUT there's still two problems:
1) If somebody doesn't vote for any candidate in a given race, it's easy for somebody at elections HQ to fill in a dot and "choose for them". This was documented in Napa County Calif in the last election via forensic ink analysis in at least 38 cases for a close local race.
2) There's no independent election monitors making sure people aren't pressured at home or work or whatever to "vote properly" as happened in San Francisco when a city work manager herded his dozen or so employees through the absentee process, looking over their shoulder as they filled out the ballot. Polling places prevent this crap.
Yes, you can see the paper and confirm every vote. Most proposals put it "behind a sheet of glass" so you can't lay mitts on it and walk away with it, but that's OK as the voting machine has a "wait, hold it, I did NOT vote for THAT asshole!" button allowing you to restart (and that piece of paper is cancelled).
Other lower-cost alternatives involve a large sheet of paper people are less likely to walk away with; they'll stuff the sheets in a ballot box. Problem is, some people WILL be dumb and carry the paper off, meaning their vote can't be hand-counted and they can prove how they voted (selling their vote, etc).
"Behind glass" is preferable.
One thing though: the printer has to have an automated "cutter" or otherwise drop individual sheets to the bottom of the bucket rather than use a take-up reel on a paper spool. A take-up reel gives you the vote order; cross-ref against the sign-in list and you can strip the privacy of who voted for what.
The complete bill text is available at:
/ sb _1438_bill_20040827_enrolled.html
http://leginfo.ca.gov/pub/bill/sen/sb_1401-1450
Before going into the effects, let's talk about how recounts work:
There is already a California law mandating a 1% random "spot check" manual recount post-election. So that's one way.
Two, elections officials can do more recounting at their own discretion if they "smell a rat". It's not very common.
Three, the loser of a race can ask for a manual recount. If they STILL lose, they pay the cost of the recount.
There are reform proposals out there to increase the amount of post-election recount to somewhere between 3% and 5% and second, rather than random recounts, let party officials or candidates each offer "recount THESE precincts!" suggestions. They're more likely to know "where the bodies might be buried" if there's been cheating.
-------------
The voter can't be allowed to prove later how they voted. That'll lead to threats if they "don't vote right" from union bosses, corporate bosses or whatever, or vote selling. Most proposals call for printing "under glass" so you can see the paper, you can hit a "cancel button" if it's not right, or you can approve it.
------------
Existing law says that the "will of the voter" is what really matters, and must be what post-election recounts are looking for. Therefore, while this bill (SB1438) doesn't specifically say that the paper trail is the "final ballot of record", that IS how they'll be treated if there's a discrepancy between the paper record and the electronic record.
------------
What this REALLY produces is a "voter verified paper trail" (VVPT). The bill uses the term "voter verified paper audit trail", but then *defines* that term explicitly:
"19251(c) "Voter verified paper audit trail" means a component of a direct recording electronic voting system that prints a contemporaneous paper record copy of each electronic ballot and allows each voter to confirm his or her selections before the voter casts his or her ballot."
It works as written, but we dodged a bullet here.
"Voter verified paper audit trail" is a term used by proponents of a "crypto audit trail" that does NOT allow the voter to confirm each individual selection at the polling place. Votehere and others have been promoting these "all crypto solutions" where the voter gets a "number" and can then confirm that their vote was recorded, but not what they voted for. Votehere is saying that the "background crypto" would form "proof" that the vote was recorded properly, and Diebold has been quietly promoting this as an alternative to a true VVPT.
Crypto is fine, but only if the basic code around it is "known honest". Diebold for one is doing "known DIShonest" code.
So thank the diety of your choice that the phrase "allows each voter to confirm his or her selections" is present in SB1438. We can do crypto ON TOP of a VVPT system but under SB1438, NOT in place of a VVPT.
Jim March
Member, Board of Directors, Black Box Voting (www.blackboxvoting.org)
The complete bill text is available at: http://leginfo.ca.gov/pub/bill/sen/sb_1401-1450/sb _1438_bill_20040827_enrolled.html
Before going into the effects, let's talk about how recounts work:
There is already a California law mandating a 1% random "spot check" manual recount post-election. So that's one way.
Two, elections officials can do more recounting at their own discretion if they "smell a rat". It's not very common.
Three, the loser of a race can ask for a manual recount. If they STILL lose, they pay the cost of the recount.
There are reform proposals out there to increase the amount of post-election recount to somewhere between 3% and 5% and second, rather than random recounts, let party officials or candidates each offer "recount THESE precincts!" suggestions. They're more likely to know "where the bodies might be buried" if there's been cheating.
-------------
The voter can't be allowed to prove later how they voted. That'll lead to threats if they "don't vote right" from union bosses, corporate bosses or whatever, or vote selling. Most proposals call for printing "under glass" so you can see the paper, you can hit a "cancel button" if it's not right, or you can approve it.
------------
Existing law says that the "will of the voter" is what really matters, and must be what post-election recounts are looking for. Therefore, while this bill (SB1438) doesn't specifically say that the paper trail is the "final ballot of record", that IS how they'll be treated if there's a discrepancy between the paper record and the electronic record.
------------
What this REALLY produces is a "voter verified paper trail" (VVPT). The bill uses the term "voter verified paper audit trail", but then *defines* that term explicitly:
"19251(c) "Voter verified paper audit trail" means a component of a direct recording electronic voting system that prints a contemporaneous paper record copy of each electronic ballot and allows each voter to confirm his or her selections before the voter casts his or her ballot."
It works as written, but we dodged a bullet here.
"Voter verified paper audit trail" is a term used by proponents of a "crypto audit trail" that does NOT allow the voter to confirm each individual selection at the polling place. Votehere and others have been promoting these "all crypto solutions" where the voter gets a "number" and can then confirm that their vote was recorded, but not what they voted for. Votehere is saying that the "background crypto" would form "proof" that the vote was recorded properly, and Diebold has been quietly promoting this as an alternative to a true VVPT.
Crypto is fine, but only if the basic code around it is "known honest". Diebold for one is doing "known DIShonest" code.
So thank the diety of your choice that the phrase "allows each voter to confirm his or her selections" is present in SB1438. We can do crypto ON TOP of a VVPT system but under SB1438, NOT in place of a VVPT.
Jim March
Member, Board of Directors, Black Box Voting (www.blackboxvoting.org)
San Francisco recently had a scandal in which city employees were herded through the absentee voting system and browbeaten by supervisors who watched over their shoulder to make sure they "voted properly".
/.ers.
To solve this problem and numerous others, the idea of private voting at local polling places where this sort of thing can be monitored developed. When done right, polling-place voting leads to the LOWEST level of overall fraud.
Right now, Black Box Voting and other advocacy/reform groups are talking about using absentee voting to create a paper trail when polling places lack them. BUT we know about this issue! Our stance is a condemnation of the worst of the elecronic voting systems, NOT a condemnation of polling place voting.
Internet voting is worse than absentee, for several reasons:
1) A small script could record exactly how you voted, allowing you to sell your vote. Concerns over mechanical voting systems in New York and other urban areas led to an experiment with "paper reciepts" about 70 - 80 years ago and it turned into a vote-buying bonanza for crooked unions. (That's why Voter Verified Paper Trail plans today involve leaving the paper in a secure ballot box at the polling place.)
2) There's still a sizeable non-Internet-connected population out there, esp. at retirement homes and blue-collar unions. "Free Internet Voting Terminals!" at union halls and nursing homes would be a hotbed of "browbeat fraud" similar to the San Francisco case above...in the case of unions, people who didn't vote at the union hall (where the networked PCs are monitored with a remote view application) would be exposed to considerable pressure for not voting "the right way".
-----------
Note that these issues are present EVEN IF THE SYSTEM IS TECHNOLOGICALLY PERFECT(!), written in Open Source with strong crypto by
Upshot: Internet Voting cannot be made to work right, due to "human hacking" even if "computer hacking" is somehow made impossible (which is pretty damn doubtful).
Jim March
Member, Board of Directors, Black Box Voting (www.blackboxvoting.org)