Slashdot Log In
Diebold Election Audit Logs Defective
Posted by
kdawson
on Tue Mar 03, 2009 01:28 PM
from the worse-than-we-thought dept.
from the worse-than-we-thought dept.
mtrachtenberg writes "Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'"
Related Stories
[+]
Suit Claims Diebold Voting Machines Violate GPL 252 comments
An anonymous reader writes "Diebold Inc. and its subsidiary, Premier Election Solutions, is using Ghostscript in its electronic election systems even though Diebold and PES 'have not been granted a license to modify, copy, or distribute any of Artifex's copyrighted works,' Artifex claims in court papers filed late last month in US District Court for Northern California. The gs-devel list first brought up the possible GPL violation a year ago."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Fraud (Score:5, Insightful)
Ok, so when do we get to throw Diebold exec in jail for election tampering already?
Re:Fraud (Score:4, Insightful)
Ok, so when do we get to throw Diebold exec in jail for election tampering already?
When you can prove intent.
Or, put another way, "Never ascribe to malice, that which can be explained by incompetence." --N. Bonaparte
Parent
can we at the very least sue them (Score:5, Interesting)
for providing a defective product?
Parent
Re: (Score:3, Insightful)
The last sentence in the summary seems to blame the testing of the provided system for not detecting that the system is defective. So, it's the customer's fault that a defective system was used, not the vendor's.
seems like shared responsibility (Score:5, Informative)
In most industrial settings, if something's built to a specification, and it's later discovered to have failed to meet the specification, the vendor's still at least partly liable, even if the customer failed to discover the defect in initial validation.
Parent
Re: (Score:3, Funny)
signed,
Ralph Nader
Re:can we at the very least sue them (Score:5, Interesting)
I guess that means people should keep that in mind when they see a Diebold ATM. Who knows how much it might debit your account when you withdraw funds.
Parent
Re:Fraud (Score:5, Interesting)
In which case the engineers who signed off on the thing and any executives who knowingly pushed defective gear out the door would be punished and sanctioned.
"Hold a voting machine to similar standards as critical care life-support? that's ludicrous!", some might say. But if a corrupt group of politicians could rig the machines to get into power and (hypothetically, of course) start a war and that would cause many more deaths than some spurious bug in some medical equipment.
Parent
Re:Fraud (Score:4, Insightful)
Gambling machine standards. ATM standards.
Why couldn't they just copy/paste those? It's pretty much a guarentee those are as close to bulletproof as we can make hardware. (I'd personally lean towards the video poker standards, somehow I think those are more rigorously designed than ATMs)
Parent
Re:Fraud (Score:5, Insightful)
In both ATMs and gambling machines, the operator is a trusted entity. In voting he is not. Big difference.
Parent
Re:Fraud (Score:5, Informative)
Parent
Re:Fraud (Score:5, Funny)
Pfft, like that could ever happen. And if it did, they'd be unceremoniously thrown out after a single term.
Parent
Re: (Score:3, Insightful)
We should change the laws to hold devices used in state and federal elections to similar or same standards as life-critical medical devices.
They are life-critical. Just ask Saddam.
Re:Fraud (Score:4, Insightful)
I generally agree with that statement, but I'm really having a hard time figuring out how anyone could be that incompetent. What does a voting machine need to do? Count ballots, and keep a record of the count. That's about it. Oh, sure, you put a nice GUI and a touch screen on it, but at its core you're simply doing "candidate++; write_log(candidate);" over and over again. And the numbers you're counting aren't even that big, relatively speaking. They're certainly not going to overflow a 32-bit integer, so you don't have to worry about roll-over.
How can anyone be incompetent enough to screw that up? That's truly creative incompetence.
Parent
Re: (Score:3)
How can anyone be incompetent enough to screw that up? That's truly creative incompetence.
Simple. Some big headed exec realized how much money and time they could save by making GEMS from an MS Access database using VB commands and an autorun script.
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
It was the MSAccess2000 version, but I've personally caught MSAccess making a mistake when adding two numbers. It didn't happen often, but it did happen. And they weren't even large numbers.
Now you might say "But you only caught one out of hundreds of thousands of calculations!". My response is "Do you know how difficult it is to track down that kind of error!" I expect that there are thousands that I didn't catch, or ascribed to rounding errors. The next day I stopped using (i.e., creating new program
Re: (Score:3, Interesting)
Why is it whenever some apologist trots out Napolean's quote to "prove" that incompetence should always be assumed instead of malice, they always leave off the very important qualifier, "adequately"?
First, I'm not an apologist for anybody, jackass. I'm a cynic. I've just known enough morons to realize that stupidity truly has no bounds. See below.
Can all the gigantic, mind blowing holes in Diebold's software be ADEQUATELY explained by incompetence?
Absolutely. Right now, I'm part of a multi-company
Re:Fraud (Score:5, Interesting)
life sentence.
seriously. one of the purposes of jail is to send a CLEAR MESSAGE that behavior such as this is not to be tolerated.
and no hiding behind corp names - individuals at the top of the company should do jail time. no debate about that - they must directly feel the pain for the LOSS OF DEMOCRACY we suffered.
200 yrs ago, give or take a few, people would be HANGED for this for treason. how is this not treason?
I don't agree with hanging but I do agree with a 20+ year jail sentence. let the CEO's of the world know that there are some things that are so holy, you JUST DON'T MESS WITH THEM. democracy and fair voting is such a fundamental thing.
a message should be sent. mandatory jail time with 20 years min. drug offenders who do FAR less damage to society are doing this today; why not punish REAL criminals for a change?
Parent
Re:Fraud (Score:4, Insightful)
Parent
Re: (Score:3, Interesting)
you want treason?
what about the statement on record from diebold saying they'll do "everything possible" to ensure the republicans get into office (years ago).
this raises doubt.
the trail of 'bad machines' raises the bar even more on doubt.
now, this company makes cash machines and from what I understand, they are exact to the penny. and thousands more people use these (per day!) than the once-every-few-years cycle of voting.
why can't they be held to their own data standards? a diff data standard for money
Re:Fraud (Score:5, Funny)
I vote we throw them all in jail!
YOU HAVE SELECTED ICE CREAM PARTY.
Wait. Now wait one minute, I *know* I voted jail...
Parent
Re: (Score:3, Interesting)
200 yrs ago, give or take a few, people would be HANGED for this for treason. how is this not treason?
Simple. When those in power change the definition of "treason" to "supporting terrorism" where the definition of "terrorism" has been changed to "voicing disapproval with government policy" and so on and so forth.
Re:Fraud (Score:4, Informative)
Constitution, Article III, Section 3:
Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort. No person shall be convicted of treason unless on the testimony of two witnesses to the same overt act, or on confession in open court.
That's how this is not treason.
Parent
Re: (Score:3, Funny)
CONSTITUTIONAL SMACKDOWN!!!
Re: (Score:3, Interesting)
One day the wrong group of folks will feel very disenfranchised, and will go all Athens, Tn [wikipedia.org] on 'em.
Re:Fraud (Score:4, Insightful)
Ok, so when do we get to throw Diebold exec in jail for election tampering already?
The better question might be when will Diebold ask for a stimulous bail-out?
Parent
Re: (Score:3, Insightful)
the same time you throw your politicians who sold you out to corporations to jail or shoot them and make them pay for the bullets.
Re: (Score:3, Funny)
Well, actually, these results are no more valid than Bush's results, if they were conducted with the same machine. One of the strongest arguments for a transparent voting system is that both parties can point to the system and say, "see, I didn't cheat. There's your evidence." With systems like the Diebold machines still being used, any election run on those systems is suspect, whether one party actually took advantage of the flaws to cheat or not.
The upshot is, that really, Obama's election isn't any more
Re: (Score:3)
Re: (Score:3, Interesting)
Yes, overturned Pharamacists being able to deny me a doctors perscription due to "religious beliefs". Being in a strong Religious community, this is very important to me. My wife would appreciate our birth control perscription now without having to drive to an open minded pharmacist.
allowed??? (Score:5, Insightful)
The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by HAVA
There is an *allowed* number??
Re:allowed??? (Score:5, Insightful)
Parent
Re:allowed??? (Score:4, Insightful)
There is an *allowed* number??
In any organic process, there will be a systemic error rate. These are people we're dealing with, not machines. People get confused, they make mistakes, they get angry and other people allow those mistakes to stand, sometimes they do the right thing for the wrong reasons or the wrong thing for the right reasons. Voting is a right, but nobody ever said it's done right. That said, the goal is to make that error rate less over time, to make continuous improvements in voter education, in process control, and in effective auditing, all the while knowing that perfection is a direction not a goal.
The problem as presented here is that the error rate grossly exceeds what previous methods had, and that this is attributable to systemic flaws, rather than the inherently higher initial error rate that would be present in the early use of any new system.
Parent
Re: (Score:3, Insightful)
The difference is that with a paper ballot system, there is an accurate paper trail. You can't just toss out an entire block of ballots without someone finding them in the trash with a paper ballot system. But, it appears that exactly that can happen with the diebold systems.
Diebold may not be maliciously trying to tamper with elections. They have just made it exceptionally easy to tamper with elections. They should not be trusted.
Re: (Score:3, Insightful)
In Chicago, the Democrats would have a pre-printed set of ballots already filled out to go back in with the others. They'd make sure that dead people voted and such to get the numbers close enough that people wouldn't lose too much faith in the system. Or the Republicans in the south that would use poll taxes after they were illegal, block access, change polling places so that people couldn't vote. In both cases, no amo
Old news (Score:5, Informative)
Re:Old news (Score:5, Funny)
as complicated as using Access on Windows.
Parent
The real problem (Score:5, Insightful)
I have not seen a single issue in my accounts due to ATMs.
Re: (Score:3, Interesting)
If memory serves, Diebold supposedly landed in the voting machine business by acquiring another company (name escapes me, but I imagine somebody knows what the name was.) As such it's possible that the group of people working on t
Re:The real problem (Score:5, Informative)
OR.... Diebold didn't make them, rather Premier Election Solutions did. Diebold bought Premier back in the early oughties when Wally O'Dell was CEO and had deep interest with the Bush administration. Your banking "issues" are from a completely separate company in a completely separate state.
http://www.rawstory.com/news/2005/Diebold_CEO_resigns_after_reports_of_1212.html [rawstory.com]
Parent
Why Authentication is a good idea! (Score:5, Insightful)
The very polite woman looked away and told me that she CANNOT look at my ID Cards because of laws/rules.
She simply verbally asked for my name from a list of registered voters in my district, I signed my name on the blank beside my computer printed name and was handed my ballot.
Scratching my head, I went into the both and voted. Next I returned my paper ballot card to a large scanning device and inserted it and that was 'voting' for 2008.
What troubles me is that there was almost ZERO authentication! All I needed, was a name and to show up where that name would be likely registered and I could vote fraudulently.
I get more authentication getting gas with mt debit card at 7-11!
I realized that this must be ON PURPOSE. But why? All I can conclude after much though is to allow fraud.
->We already have a perfected system that nearly everyone already knows how to use! They are called Credit Cards!
Why can Mastercard/Visa reliably authenticate BILLIONS of unique transactions with very little error and an audit trail and Diebold cannot?
I believe that when the US has another election, we should be issued Visa/Mastercard Debit cards with our pictures on them linking to a database of our eligibility to vote in US elections.
We use the same credit card/ debit card devices that are used all over which are tied to a computer touch screen, and we "purchase" a list of candidates (just like building a PC at NewEgg..) and then "purchase".
Now I have a printed receipt that instantly confirms my choices and selections after the transaction. If I made any mistake, I will need to immediately take that receipt to the person conducting the elections with my photo ID debit card for voting, and they will assist me in correcting the errors and I will need to electronically sign a form and will be issues a correction receipt with my previous incorrect choices credited to my "account" and the my new correct selections "purchases" on the new receipt.
of course, I will be able to later look this up online to verify my paper receipt matches the online database of my "votes" (purchases).
Why reinvent the wheel? Mastercard/Visa have over 30 year experience conducting authenticated transactions and their fee is typically less than 3%.
The Sause is not in the touch screens or their audit logs, it is in AUTHENTICATION and being able to reliable VERIFY your selections got registered as your choices.
(Of course I will later expect a statement via the US Mail (built in fraud protection laws) that will exactly match my printed receipt obtained at the time of my voting...)
Re:Why Authentication is a good idea! (Score:5, Informative)
The very polite woman looked away and told me that she CANNOT look at my ID Cards because of laws/rules. ... ...
What troubles me is that there was almost ZERO authentication! All I needed, was a name and to show up where that name would be likely registered and I could vote fraudulently.
I realized that this must be ON PURPOSE. But why? All I can conclude after much though is to allow fraud.
No... it's to allow everyone to vote, even if they don't have the money to get a state ID card.
There's no FREE form of authenticated ID. A passport costs $100. A California State ID Card costs $7 if you qualify for a reduced fee.
A state that provides authenticated ID at no charge might not have a state law requiring that people be allowed to vote without ID, but around here, requiring ID would be a financial barrier to voting.
Parent
Minnesota Anyone? (Score:3, Informative)
Re:Minnesota Anyone? (Score:5, Insightful)
Considering that still, several months later, the State of Minnesota is recounting paper Senate ballots over and over, is this REALLY that bad of an option?
You mean, it's better to have an electronic system arbitrarily choose a candidate quickly, than a paper system slowly choose a candidate based on actual votes?
Parent
People don't care any more (Score:3, Insightful)
Most people will feel that the candidate they wanted won, so the machines must be okay. Most will never consider the possibility that their candidate wasn't supposed to win. Or won despite having the machines against him. And the losing side had already picked scapegoats before the election so the don't need to worry about the machines.
Old Version? (Score:3, Interesting)
All in favor of.... (Score:3, Insightful)
How hard can it be? (Score:5, Interesting)
Results are determined thus:
There are 6 counting methods available in this scenario (2 CDRs, 2 scantron auto reads, and (if needed) two manual reads).
All that needs happen is that 4 of the 6 counts match up. CDRs are almost guaranteed to match up, so that's two (and if they don't match up, there has been some type of tampering or system failure, and we move from the CDRs into the Scantrons). After that, if the two scantron autoreads match up to the CDRs within the margin of error, then we know that the votes were counted correctly (3 items were not reviewed by the voter, but those 3 items match up with the voter reviewed cards). If, after looking at these four counting options, we do not have four matches (One of the scantron autoreads doesn't match the other three, or one of the CDRs is corrupted or unreadable, etc.), we do the manual counts. If we do not have 4 matching counts at this point, the votes are not valid, and a revote is required.
Yes, this is an "armchair" analysis, and I'm sure has some holes in it, but how in the heck is an Access Database with VB triggers any better than this armchair analysis?
Re: (Score:3, Insightful)
Too many moving parts. If any one part of the chain there fails during testing (which really only happens in the couple weeks before the election), then that box is unusable, which means there's going to be a *lot* of unusable machines in any given election. Also, any system has to be able to be verified that it's working properly by ANYONE...because that's who you're going to get as volunteers. IT-comfortable folks are thin on the ground as election volunteers.
I volunteered as an election judge this pas