Slashdot Log In
Open Source Program Reveals Diebold Bug
Posted by
timothy
on Sun Dec 14, 2008 07:23 AM
from the rabble-rousin'-ne'er-do-well dept.
from the rabble-rousin'-ne'er-do-well dept.
Mitch Trachtenberg writes "Ballot Browser, an open source Python program developed by Mitch Trachtenberg (yours truly) as part of the all-volunteer Humboldt County Election Transparency Project, was instrumental in revealing that Diebold counting software had dropped 197 ballots from Humboldt County, California's official election results. Despite a top-to-bottom review by the California Secretary of State's office, it appears that Diebold had not informed that office of the four-year-old bug. The Transparency Project has sites at humetp.org and http://www.humtp.com." Trachtenberg also points to his blog for the Transparency Project, and his own essay about the discovery and the process that led to it.
Related Stories
[+]
Politics: Diebold Admits Ohio Machines May Lose Votes 502 comments
I Don't Believe in Imaginary Property writes "Premier Election Solutions (a subsidiary of Diebold) has acknowledged a flaw that causes the systems to lose votes. It cannot be patched before the election and the machines are used in half of Ohio's counties, but they are issuing guidelines for avoiding the problem that presumably contain a work-around. While Diebold initially blamed anti-virus software for the glitch, they have now discovered that the bug was their own fault for not recording votes to memory when the cards are uploaded in 'certain circumstances' — something their initial analysis missed. It would be nice to hope that Ohio poll workers would be tech-savvy enough to make this a non-issue, but they had poll worker shortages last year and might need tech-savvy people to volunteer."
[+]
Suit Claims Diebold Voting Machines Violate GPL 252 comments
An anonymous reader writes "Diebold Inc. and its subsidiary, Premier Election Solutions, is using Ghostscript in its electronic election systems even though Diebold and PES 'have not been granted a license to modify, copy, or distribute any of Artifex's copyrighted works,' Artifex claims in court papers filed late last month in US District Court for Northern California. The gs-devel list first brought up the possible GPL violation a year ago."
Submission: open source program reveals Diebold bug by Anonymous Coward
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
First Post (Score:5, Funny)
Hey, Trachtenberg do you have a sister? And was she somehow the key to all of this?
Re: (Score:2)
Oh cone on mods, that was funny. Haven't you guys ever heard of Harriet the Spy [imdb.com]?
Re:First Post (Score:4, Informative)
on the off chance you're actually after an answer to the question in your .sig, the reason is that irregular forms such as -en simply die out when a generation of speakers rarely hears and uses the past-tense of a particular word, and so when it finally comes time for an individual to use the past-tense and they've never heard it, they just apply the regular rule of adding -ed. so a corollary would be that the past-tense of "prove" is being used less frequently than it was in previous times.
words and rules [wikipedia.org] by steven pinker is an entire book about irregular verbs, and i believe has a sentence or two about proven/proved. he definitely has many paragraphs, possibly a chapter, on the -en / -ed deal. he also talks a bit about why irregular forms persist over time. he also has some serious pedantic axes to grind.
Parent
Is Hanlon's Razor sharp enough to cut this? (Score:5, Interesting)
It's usually correct to not blame on malice what can be explained by incompetence. But I do find it hard to understand how a seemingly-simple requirement (essentially, count the number of times a button has been pressed) can be so badly botched by a company whose other "secure terminal" products (eg, ATMs) seem trustworthy and reliable, without the implication of a sinister motive.
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Insightful)
Someone with 30 minutes of quickbasic experience can write an application that accurately counts button presses.
The fact that we are being asked to swallow this is disgusting.
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Insightful)
Don't be a retard. No one with 30 minutes of Quickbasic experience can write an application scanning paper ballots and perform optical recognition on them with any degree of accuracy.
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Insightful)
Do you hold your ATM pin number up to the screen waiting for it to be scanned or do you punch the buttons...
Parent
Re: (Score:3, Interesting)
I know this is weird, but I think the new machines we used this year in little small town AR finally got electronic voting right. I don't know who made them, but I doubt Diebold made anything that fool proof. It had a nice big, easy to read touchscreen and a big yes/no button by each candidate, which would then pop up a conformation box when you chose that said "You picked...is this your choice? If not please hit the blue cancel button". And finally when you confirmed a nice big, easy to read paper ballot w
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Informative)
If you read the article, they were Not pressing buttons. This was a paper-and-pen method followed by a scanning machine. The scanning machine was dropping ballots for some unknown reason.
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Informative)
The point is that the machine failed at identifying the ballots, not just identifying votes.
I can see that optical scanning might have issues, but then the counting machine needs to spit out the "bad" ballot into a different pile so that it can be manually checked. The machine failed to do this.
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Informative)
Not true. The machine counted the ballots and then later, the software deleted them along with any record that they ever existed. [wired.com]
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:4, Interesting)
The fact that we're being asked to swallow electronic voting is disgusting. Some things electronics simply don't do well, and one such thing is accountability. We should be demanding accountability. Not just in angry letters to congress-critters, but outside voting booths, to the people who mindlessly register their vote, without any real clue if their vote will count or not.
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Insightful)
This is a bit of an overreaction. There's no reason that a properly designed electronic voting system can't achieve greater speed and accuracy while producing a paper trail which allows full accountability. Just have the machine produce a printout which the individual voter can verify, then in case of doubt you can always resort to a manual count. Ultimately electronic voting systems should save time and increase accuracy, and we're going to switch to them.
The problem here is that the politicians have no idea what a properly designed electronic voting system looks like, and so they just leave it all up to Diebold and the like, who have no real incentive to do things right. What we really need here is a detailed set of specifications for how voting machines ought to perform, and laws that prevent machines which don't meet those specifications from being used in an election.
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Insightful)
That's shit. I'll take the ballot I handle and allow it to be scanned. If the count is suspect then the ballots exist outside of some computer generated fantasy and real humans can count them.
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Interesting)
That's shit. I'll take the ballot I handle and allow it to be scanned. If the count is suspect then the ballots exist outside of some computer generated fantasy and real humans can count them.
Well, that's why you have a printout which the voter verifies and essentially acts as your 'ballot'. Then you make sure that in the case of any remotely reasonable doubt you do a hand recount. I know I'm repeating myself, but your response suggests I wasn't clear enough.
Parent
Re: (Score:3, Informative)
Close, but just to be clear.
> just have the machine produce a printout
> which the individual voter can verify,
> then in case of doubt you can always
> resort to a manual count.
The DRE interface is good to use in making selections in an election. A machine prints or punches or otherwise indicates the voters intent on a piece of paper (a paper ballot). The voter holds it, looks at it, and confirms it is a proper rendering of their vote. Then they take their paper ballot and walk away from the DRE.
Re: (Score:3, Insightful)
Your union rep wants to see your voting receipt to make sure you voted 'correctly'!
If that doesn't scare you imagine the same scenario with your boss doing the verification.
You can't make the system 'voter auditable' without losing the secret ballot.
Take your idea but don't print the verification number on the ballot. Store it in the voting machine then reconcile the machine records to the central databases at the end of the day as a check. Hackers would have to change multiple systems in synch to ge
Re: (Score:2)
Re: (Score:3, Funny)
Mine too. After the OCR machine acknowledged my ballot was readable, they gave me a sticker that said "I voted".
I asked him for a second one and walked around all next day with two "I voted" stickers on.
Surprisingly, nobody asked me if I voted twice.
Are you sure your vote counted? (Score:5, Interesting)
It may well have been readable, but the first articles I saw on this make it clear that being readable is not a guarantee of your vote actually being included in the result.
The first articles make it clear that votes were counted and then, in some circumstances, From that article: [wired.com]
Still sure your vote counted?
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Insightful)
I program banking systems for a living.
It's cute that you think "electronics simply don't do [...] accountability." Believe me, I'd be out a job real fast if they didn't.
The bottom line is, this was handled really, really poorly.
Parent
Re: (Score:3, Insightful)
I would have said the same thing to the person you are replying to, but since you did, let me play devil's advocate and say you're only right if the intent was to either facilitate voting, or subvert the system directly. If the goal was to destroy faith in the system, this is a pretty good job.
Re: (Score:3, Insightful)
'The fact that we're being asked to swallow electronic voting is disgusting. Some things electronics simply don't do well, and one such thing is accountability.'
Paper and electronic systems are equally accountable. The solution is transparency and to combine the two. Count the votes electronically, in real time, on a large publically visible display with a serial number attached to the ballot. You watch your vote be added to the tally. Then you take the human readable, optically scannable printout, again wi
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Informative)
The fact that we are being asked to swallow this is disgusting.
Thats what my ex used to say.
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Insightful)
It's usually correct to not blame on malice what can be explained by incompetence. But I do find it hard to understand how a seemingly-simple requirement (essentially, count the number of times a button has been pressed) can be so badly botched by a company whose other "secure terminal" products (eg, ATMs) seem trustworthy and reliable, without the implication of a sinister motive.
That's because money is heavily monitored and tracked wherever it goes. Votes are registered and received, but not monitored and traced on two ends.
Parent
Re: (Score:3, Interesting)
I am also a believer in Hanlon's Razor. In fact, I I'll stick with Hanlon on this one and disagree with you.
When the owner of Diebold boldly promised to "deliver" Ohio to the Republicans (was it in 2004?), I'm pretty sure he was talking about how easy his product is to hack, not about bugs in the software (intentional bugs or otherwise). There is strong circumstantial evidence that Diebold has been involved in intentionally changing the results of elections, but I don't think this particular counting mishap
Re:Is Hanlon's Razor sharp enough to cut this? (Score:4, Insightful)
Parent
Re:Is Hanlon's Razor sharp enough to cut this? (Score:5, Informative)
Premier told her the problem wasn't her but its Global Election Management System software (also known as GEMS) which is used to tabulate votes from all of the company's voting systems -- optical-scan machines as well as touch-screen machines.
Premier explained that due to a programming problem, the first "deck" or batch of ballots that are counted by the GEMS software sometimes gets randomly deleted if any subsequent deck is intentionally deleted. The GEMS system names the first deck of ballots "deck 0", with subsequent batches called "deck 1," "deck 2," etc. For some reason "deck 0" is sometimes erased from the system if any other deck is erased. Since it's common for officials to intentionally erase a deck in the normal counting process if they've made an error and want to rescan a deck, the chance that a GEMS system containing this flaw will delete a batch of ballots is pretty high.
Yes, this looks ridiculous considering it's a voting machine, but to me it looks like a pretty normal software bug. I've seen far worse things get paste a full blown QA team.
Parent
Re: (Score:2, Interesting)
All the more reason not to trust even a full blown QA team with our votes.
Re: (Score:2)
Re: (Score:3, Interesting)
There is a key difference in Islam in the Imam's are the ultimate authority (or perhaps you could weasel it and say their interpretation of the Koran and Haddith is the ultimate?) whilst in a Christian church the ultimate authority is the word of God, especially as expressed in the Bible. Christianity is about personal faith, Islam is about a whole system for living.
Thus Islam is a political system too, whilst Christianity is not.
I think Judaism leans more towards the Islamic side with the rabbinic traditio
a pretty normal software bug .. :) (Score:4, Interesting)
maybe on your planet the ability to count up in single integer increments is considered too esoteric for the average QA team, but here it's something the average IT student can manage
Parent
Re: (Score:3, Interesting)
In general, it is hard to
you are talking rubbish .. (Score:5, Insightful)
Firstly, voting machines should be subject to a full stress test before being deployed in a live election. Secondly ATMs can not be remotely 'reflashed', To upgrade required the replacement of the ATM module and the use of an external hand-held unit (plugged into the ATM) and the presence of two bank officials and the use of two unique PINS.
Parent
DIEBOLD: We vote so you don't have to ... (Score:5, Insightful)
What bothers me more (Score:4, Interesting)
Parent
Re: (Score:2)
This just in: People look out for their best interests - always. In other news the sky is blue...
Re: (Score:3, Insightful)
Re: (Score:2)
That's so naive I almost feel sorry for you.
Oh, and get a clue. There's a difference between doing what's in your best interest and being corrupt.
One area where open source will definitely win (Score:5, Interesting)
In testing. You need to be able to verify the testing mechanism. Open Source will win there because of the ability to view and modify the code. Just verify that you are testing with the same stuff that you reviewed.
Re:One area where open source will definitely win (Score:5, Funny)
In testing. You need to be able to verify the testing mechanism. Open Source will win there because of the ability to view and modify the code. Just verify that you are testing with the same stuff that you reviewed.
Live Free or Diebold!
Parent
Re: (Score:3, Funny)
Re: (Score:2)
In testing. You need to be able to verify the testing mechanism. Open Source will win there because of the ability to view and modify the code. Just verify that you are testing with the same stuff that you reviewed.
While normally you would be correct, open source will only 'win' in the testing department if the goal in the first place was to have functional software that works (as close as possible) to how it claims to work.
Can you honestly with a straight face say that was Diebolds want/desire at any point during this e-voting scam?
64,161 votes with 197 errors (Score:2, Interesting)
Sounds like they used humans to count the vote in reality.
A very small percentage. Still a concern.
Re: (Score:2, Informative)
A very small percentage.
... Assuming that there were no further bugs.
Re: (Score:3, Insightful)
Exactly. In a lot of places, jerrymandering has made individual votes less important because the winners often win by a large margin. This is true for both major parties.
However, for statewide elections as evidenced in Minnesota recently, individual votes can have a HUGE impact. A +/- 200 error isn't good enough when the winner's margin is only 100 votes.
Kudo's (Score:4, Insightful)
To this guy who took it upon himself to provide this check, and kudo's to the supervisor who made it possible. The idea of providing DVD image scans so anyone can verify the vote is genius. I hope other counties start providing real verification like this.
why not have dual voting programs? (Score:3, Insightful)
I have read over and over about unreliable software counting votes. Why not have each vote be counted by two programs? It seems like it would be fairly trivial to have them share the same interface, but the actual methods of counting votes and securing themselves would be completely independent. They would be written by two sources (whether free or not) and then could be used to test each other (in addition of course to humans counting the paper trail the two would print out).
Re: (Score:2)
I believe that electronic devices could do a much better job however they're doing this ass backwards with closed source software and one company.
Slashdot's polling software is more useful.
Re: (Score:2)