Forgot your password?
typodupeerror
Security Your Rights Online

Electronic Voting: Your Worst Nightmares are True 904

Posted by CmdrTaco
from the its-only-gonna-get-worse dept.
jfreon writes "On Democracy Now Bev Harris of BlackBoxVoting fame, disclosed (near the end of the transcript) that in the compromised 1.8Gigs off Diebold's FTP site they uncovered "an actual election file containing actual votes on election day from San Luis Obispo County, California". Problem is, the date stamp was 3:31pm - during voting hours! The Diebold system uses a wireless network card. Worse: "So that means if they can pull the information in, they can also send information back into those machines. ""
This discussion has been archived. No new comments can be posted.

Electronic Voting: Your Worst Nightmares are True

Comments Filter:
  • by Neophytus (642863) on Thursday September 04, 2003 @03:58PM (#6872213)
    This needs to make mainstream press, and DAMN QUICK.
    • by bradkittenbrink (608877) on Thursday September 04, 2003 @04:03PM (#6872278) Homepage Journal
      actually, shouldn't we try to keep this quiet? doesn't this mean that we can manipulate elections now without the general public finding out? say goodbye to DMCA, UCITA, etc...
      • by abolith (204863) on Thursday September 04, 2003 @04:08PM (#6872365) Homepage
        problem with that is it is likley that DIEBOLD also knows this and is willing to sell this info to different political parties and lobby groups.

        • by missing000 (602285) on Thursday September 04, 2003 @04:29PM (#6872657)
          problem with that is it is likley that DIEBOLD also knows this and is willing to sell this info to different political parties and lobby groups.

          Yep. And guess what party that woud be?

          From the article:

          According to Harris, a study of the campaign contributions made by Diebold and its employees revealed an unusual pattern: Hundreds of thousands of dollars were being funneled to a few Republican candidates with very little to any other party.
          • by Thorsett (5255) on Thursday September 04, 2003 @05:06PM (#6873160) Homepage
            Yep. And guess what party that woud be?

            From today's Ohio Beacon Journal [ohio.com]"

            Walden O'Dell, chief executive of Diebold Inc., told Republicans in an Aug. 14 fund-raising letter that he is ``committed to helping Ohio deliver its electoral votes to the president next year.''

            • by Odinson (4523) on Friday September 05, 2003 @12:30AM (#6876419) Homepage Journal
              Here is my distorted view of the world....

              All things being equal (they aren't), Bush has done enough damage and the press is bold enough with him that he cannot win relection without: it being handed to him by a blunder of an idiot opponent, or if he steals it through fraud.

              We are going into the economic winter of an inevitable Kondratieff Cycle [gold-eagle.com]delayed by massive deficit spending. Whatever party wins the next election will take the blame for this.

              Based on the momentem of electronic voter machine replacment and the detailed widespread press coverage of the hanging/dimpled chad recount process, if the presidential election is in within 0-5% there will be great hubbub and sevral recounts.

              Bush will become president again after recounts play out. The media will be forced to cover the advantages of open source vs proprietary software. It's to short a logical leap for the press not to take.

              Durring the mayhem and finger pointing US companies that make software will become the biggest boogie men in the questionable election. Rigged or not, the mistrust of the govt will be enourmous. The stigma will linger and people will understand the software/IP alternitive en-masse for the first time.

              When the market/housing/bonds/currency all crash, because the chinese unpeg the yuan from the dollar as late as possible (2007 3/4 as per the WTO) and the yuan springs back hard destablizing everything. (they will do this as sabotage or an economic nuke.) Republicans will take all the blame for the following depresion and the corruption that caused it. (Nothing sucks like a Hoover)

              The Republican party will be dispanded, and perhaps a world war (over intelectual property) will occour. Laws on software will radically change for the better in 2012-2015 bringing the US inline with less recent but still new international IP law.

              As crazy as it seems, the scarriest thing to me right now is a Democrat winning. Most of these things will still happen but the Democrats will take the blame. Democrats are way to weak to survive a disasterous presidency and will dispand.

              Obviously whatever party is dispanded will be replaced, but the populist replacment will take time to accumulate power and the country will swing hard to the left or the right.

              Somebody please laugh at me.

              • by sg_oneill (159032) on Friday September 05, 2003 @02:37AM (#6876989)
                The Republican party will be dispanded, and perhaps a world war (over intelectual property) will occour. Laws on software will radically change for the better in 2012-2015 bringing the US inline with less recent but still new international IP law.

                Furthermore, a Cabal of Masons and Catholics will deploy mind control lasers to manipulate the dollar, crash the stock market and prepare the way for Jehova-1 and the Yeti's impending invasion.

                Only "Bob" [subgenius.org] can save us now.
      • by JoeLinux (20366) <joelinux AT gmail DOT com> on Thursday September 04, 2003 @04:11PM (#6872405) Homepage
        We, the illuminati, have been doing this for years...I mean...wait....damnit, I was supposed to log in as anonymous.
      • by kryzx (178628) * on Thursday September 04, 2003 @04:18PM (#6872501) Homepage Journal
        The question is: would Diebold be just too damn idiotic and incompetent to even notice shennanigans like that (95% probability), OR are they more capable and devious than they appear - meaning they've locked down access by anyone but themselves, so *They'll* be in control (05% probability)?
        Frankly, either way it's scary.
        But the rampant security issues, rather than one carefully managed secret hole, indicate that the first option is much more likely.
      • by Lord_Slepnir (585350) on Thursday September 04, 2003 @04:19PM (#6872517) Journal
        Except that not just upstanding citizens would have a chance to manipulate the votes. Which would mean that Cowboy Neal is going to be our next president, with Natalie Portman of the Hot Grits party as Vice President. George W Bush will find that he will have (-1, Troll) votes in each precinct.
      • by H310iSe (249662) on Thursday September 04, 2003 @06:10PM (#6873828)
        Prediction: Wars between political campaigns and hackers over the 1337 space of the voting booth results in Ohio registering over 30 billion votes in the next Presidential election, with Luke Skywalker edging out both Dean and Bush, and the Democratic candidate coming in a distant 4th.
      • by Geek of Tech (678002) on Thursday September 04, 2003 @08:08PM (#6874834) Homepage Journal
        Why not just hack it and make CmdrTaco president? Yeah...... and then CowboyNeal could be vice-president..... and we could all be senators........

    • Why bother? (Score:5, Funny)

      by SHEENmaster (581283) <travisNO@SPAMutk.edu> on Thursday September 04, 2003 @04:06PM (#6872322) Homepage Journal
      The mainstream press has been silenced after the Communist party won a landslide victory in the latest presidential election recount.
      • Re:Why bother? (Score:5, Interesting)

        by Teancum (67324) <robert_horning.netzero@net> on Thursday September 04, 2003 @04:25PM (#6872605) Homepage Journal
        While the Communist party would be fun, a couple of others would be of more interest:



        Honestly, it would be good to have hackers...and I mean real good hackers, not script kiddies, change the results of a large election to a party like one of the above just to show the real danger to having machines like this wide open.

        While I don't normally advocate the breaking of laws (and I love white hat hacking), something dramatic does need to happen to wake some ordinary people up. Of course, this isn't really all that different from the 100,000 dead people who voted for JFK in 1960, but who is counting.
        • by Malc (1751) on Thursday September 04, 2003 @05:39PM (#6873505)
          You guys need to be introduced to the Monster Raving Loony Party [omrlp.com]. Check out their policies: although written in a serious manner, some of them are quite silly, such as reducing class size by making the children sit closer together ;) Somehow their rock star leader has become the longest standing party leader in the UK, and they consistently field candidates across the country in every election.
    • He he. Headlines from the future: Harold P. Winkerbody comes out of nowhere to be the first 17 year old governor of California. He succeeds in changing the state name to Kalifornia, legalizes skateboarding in all public places, legalizes consumption of beer by minors and then is impeached after it is discovered he hacked into the system to rig the votes when he was elected.

      • More headlines... (Score:5, Interesting)

        by NineNine (235196) on Thursday September 04, 2003 @05:00PM (#6873072)
        A corrupt presidential candidate who is poised to lose an election suddenly wins when his corrupt brother, who happens to be a governor of a very populous state, "loses" thousands of votes, tipping the election in favor of his brother. the entire world knows about it, yet the corrupt presidential candidate is allowed to take office.

        Oh wait...
    • by Hierarch (466609) <CaptainNeeda@gm a i l .com> on Thursday September 04, 2003 @04:35PM (#6872747) Homepage
      This needs to make mainstream press, and DAMN QUICK.

      Definitely. Now, how do we accomplish that? I don't have contacts with the press. I've got contacts on at least one dem campaign team (surprisingly, not Dean!), even contacts in the defense industry, but the press? Nothing. Who does? How do we get this in front of them?

  • by Eric Ass Raymond (662593) on Thursday September 04, 2003 @04:01PM (#6872244) Journal
    Don't forget this [drudgereportarchives.com]:

    "The head of a company vying to sell voting machines in Ohio told Republicans in a recent fund-raising letter that he is "committed to helping Ohio deliver its electoral votes to the president next year."

    Yes. Your votes are being scammed to keep the neocon scum in power.

    • by Eric Ass Raymond (662593) on Thursday September 04, 2003 @04:08PM (#6872353) Journal
      Ah, yes. Mod me down.

      Maybe fewer people will be able to form their opinions on freely available information that way. That's what you neocon/conservatives would like, after all. Just like Britney Spears says [drudgereportarchives.com]:

      "Honestly, I think we should just trust our president in every decision that he makes and we should just support that, you know, and be faithful in what happens."'

      Don't question the authority. That's the way to go.

    • Think about this and answer honestly: If the same guy were a vocal supporter of a politician who you support, would you be convinced he was going to cheat? Or would you see it rationally- the man has opinions, just like every other person in the world?
      • by snarfer (168723) on Thursday September 04, 2003 @04:40PM (#6872799) Homepage
        If the guy ran a voting machine company, and the voting machine company made machines that can't be audited, and then we found on that company's website that they were illegally obtaining data DURING an election...

        And if the company - even though it would MAKE MORE MONEY - refused to make an add-on printer so a ballot could be printed, examined by the voter, and put in a separate ballot box for counting to verify that the machine correctly reported the totals...

        Well, I might not be convinced he was going to cheat, but I sure wouldn't want to trust an election to his machines.

        Remember, with these machines there is NO WAY to know if the machine correctly reported the vote.

        SOME of us here work with computers, so we know that sometimes the computers make mistakes. So wouldn't it be a good thing if we had a way to verify what a machine reported?

        What if a machine just broke down? Do we hold the election over again, or do we throw out all the votes from that precinct?
    • by snarfer (168723) on Thursday September 04, 2003 @04:11PM (#6872406) Homepage
      Even more interesting is that Diebold would MAKE MORE MONEY if they sold voting machines with add-on printers so you could deposit a paper record of your vote in a separate ballot box! However, Diebold - and the other voting machines companies that happen to be owned by Republicans - OPPOSE this!

      Additional revenue from add-on sales like this - and the service contracts that would go with it - are immensely profitable.

      So what is going on here?

      Also, they insult and ridicule anyone who tries to point out that electronic voting machines that cannot be audited are a problem! Even the hundreds of computer scientists who have spoken out are told they don't know what they are talking about. What IS going on here?

      What would be so difficult about adding a printer, and having the voter look over the printout and then deposit it into a separate ballot box? Why are they so dead-set against doing this, even when it would make them tons more money? Are these Republican-owned "businesses" after something besides money?
      • by Experiment 626 (698257) on Thursday September 04, 2003 @05:17PM (#6873272)
        I tend to be wary of "Corporations = Republicans = Evil" type rants, as they are often fairly knee-jerk and unfounded, so I poked around a bit. In this case there is a connection, albeit a pretty minor one.

        Diebold's SEC filings [sec.gov] show their Chairman / President / CEO to be Mr. Walden W. O'Dell, who has donated [opensecrets.org] $2000 this summer to Senator George V. Voinovich [senate.gov], Republican from Ohio (Diebold's home state). Diebold Inc.'s soft money donations [opensecrets.org] also go to Republicans.

        This does not demonstrate to me much evidence that Diebold is "after something other than money", it looks like routine political activity to me. But, while my quick research has neither managed to refute nor confirm your conspiracy theory, I'll pass it along anyway for whoever might be curious.

    • by Lemmy Caution (8378) on Thursday September 04, 2003 @04:15PM (#6872452) Homepage
      It's worse than you think. Election Systems and Software, the company that builds, owns and largely runs [thehill.com] many of the voting machines used in the US (and 80% of those used in Nebraska) was at one time headed and is still partially owned by Chuck Hagel, Republican Senator from Nebraska - who, surprisingly, won unprecedented victories in his state against an incumbent Democrat governor, winning by the largest landslide ever and taking the majority among demographics that had never voted Republican in the past.Hagel had avoided reporting his ownership, and then the whole trail started to come out into the open. It also turns out that Election Systems and Software was heavily funded by the conservative Christian fundamentalist Ahmanson family. [au.org]
      • by MajroMax (112652) on Thursday September 04, 2003 @04:46PM (#6872870)
        ... and is still partially owned by Chuck Hagel, Republican Senator from Nebraska - who, surprisingly, won unprecedented victories in his state against an incumbent Democrat governor, winning by the largest landslide ever and taking the majority among demographics that had never voted Republican in the past.

        Actually, this is one of the times I'd be LEAST likely to suspect election fraud. You seem to forget that any election more attention-getting than local school board is going to be continuously monitored by opinion polling.

        If, as you suggest, the landslide was fraudulent, then the election results would have no relation to either the pre-election polls or the exit polling. This would attract an awful lot of attention in the media, and I believe that any fraud on the scale that you suggest would at least be openly accused.

        The only place, in my mind, that election fraud would be useful beyond the threat of detection would be in extremely close races -- those that no one has any idea who will win. In those cases, than altering the votes by 1% would still be within the margin of error on even the exit polling, and so wouldn't be immediately suspicious.

  • by Jonas the Bold (701271) on Thursday September 04, 2003 @04:01PM (#6872248)
    How about some protections for democracy back home first? This is utterly unacceptable.
  • Question (Score:4, Interesting)

    by Kjella (173770) on Thursday September 04, 2003 @04:02PM (#6872251) Homepage
    Does those voting data also tie person with vote? In other words can you "just" rig the election, or can you also keep a full database of people's voting habits?

    Kjella
    • Re:Question (Score:3, Interesting)

      by canajin56 (660655)


      Supposedly the connection is one way, so they cannot "rig" the election, per se. An article I had read earler said that it was only summary information, tallies, of the votes, not each individual vote, that was uploaded. The article posted here isn't clear on the subject.


      But either way, it is very illegal to count votes while the poles are still open, regardles of whether or not you can tie each vote to each person.

  • WS FTP (Score:3, Funny)

    by Anonymous Coward on Thursday September 04, 2003 @04:02PM (#6872256)
    Next time when they decide to use WS FTP someone should tell them to disable the WS_FTP.LOG files. *shakes head*
  • Boycott (Score:5, Funny)

    by Ignorant Aardvark (632408) * <cydeweys@@@gmail...com> on Thursday September 04, 2003 @04:02PM (#6872260) Homepage Journal
    In typical slashdot fashion, we must protest this gross error in security the only way we know how - BOYCOTT!! If millions of geeks suddenly stop voting, the elected officials are going to HAVE to listen to us ... right?!
  • by vectus (193351) on Thursday September 04, 2003 @04:02PM (#6872262)
    I think the safest thing we can do now is to wholly invest in this new technology and pretend the problems aren't there. If we change things around at all or abandon this technology, hackers and terrorists win. Think about that.
  • OSS (Score:3, Interesting)

    by casuist99 (263701) on Thursday September 04, 2003 @04:03PM (#6872271) Homepage Journal
    Is it too much to hope that our public officials will realize the potential for corruption, fix it (though any of the possible ideas which have been suggested on /.) and move on?
    True, paper and pen ballots are vulnerable to tampering and etc, but at least you can recount the ORIGINAL ballots as the voters filled them out. Electronic ballots lack such a safeguard. Unless of course we print out a paper-copy of the ballots to keep in a lock-box just in case the voting procedures are called into question. But then why not just use paper ballots in the first place??
    • Re:OSS (Score:4, Interesting)

      by default luser (529332) on Thursday September 04, 2003 @04:40PM (#6872795) Journal
      But then why not just use paper ballots in the first place??

      Because one of the hottest debates in a recount is over disputed ballots. One only had to see the whole hanging chad / pregnant chad bullshit in Florida to grasp this concept.

      Imagine this: the voters get clean laser printout with their selections. The voters verify the selections and put them in the box. A week later, a recount is issued, and wow! No disputed ballots! It's all there in plain toner.

      Of course, the ballots would probably have a barcode to be used for recount, and some 1337 haxor could alter the barcode while printing out the proper selections, causing the recount to be skewed. But if the recount is thorough, then eventually someone will count the printed-out selections, and spot the discrepancy.
  • by PoPRawkZ (694140) on Thursday September 04, 2003 @04:03PM (#6872273) Homepage
    before we worry about the voters figuring out the ballot system, let's worry about how the voters are educated about the candidates in the first place. at least someone with the knowledge to hack the voting system in the first place is educated. their choice for our nations leaders would better suit the technology savvy of us anyway. what are we worried about? the ball is in our court.
  • by snarfer (168723) on Thursday September 04, 2003 @04:03PM (#6872274) Homepage
    The Commonweal Institute has compiled quite a bit of information [commonwealinstitute.org] (scroll down to the links) about the problems with electronic voting machines.
  • mod me down (Score:4, Interesting)

    by Anonymous Coward on Thursday September 04, 2003 @04:03PM (#6872276)
    "So that means if they can pull the information in, they can also send information back into those machines. ""

    Mod me down, because I am obviously too dumb to realize that just because the data from a machine makes it onto a server, does NOT mean that you can push data back.

    You think, maybe, the voting machine pushes its data to a repository and defined intervals? Maybe? kinda?

    teknopurge
    • Re:mod me down (Score:4, Insightful)

      by amcguinn (549297) on Thursday September 04, 2003 @04:23PM (#6872573) Homepage Journal
      I think the point is that it would be very easy to prevent any communication to or from the voting machine during voting hours, but that while, as you say, it would be possible to ensure that only outgoing communication can happen, it's relatively difficult to ensure and prove that the outgoing communication doesn't allow any incoming communication. Bear in mind that TCP/IP, for example, is inherently two-way; it's impossible to send packets unless you can receive ACK/NAK messages back.
    • Re:mod me down (Score:5, Insightful)

      by frankie (91710) on Thursday September 04, 2003 @04:33PM (#6872713) Journal
      does NOT mean that you can push data back.

      The people who built the machine are the same ones running the data stream. They've got ROOT. Having any data access in the middle of the election means that Diebold could write back too, and that simply shouldn't be possible with a well-designed voting system.

    • Re:mod me down (Score:5, Interesting)

      by ChaosDiscord (4913) on Thursday September 04, 2003 @04:51PM (#6872928) Homepage Journal
      Mod me down, because I am obviously too dumb to realize that just because the data from a machine makes it onto a server, does NOT mean that you can push data back.

      The connection is a plain old modem connection (as mentioned in the article). By its very nature it's able to receive information in addition to sending it. Hopefully the machines won't accept any modifications to the vote record, but this does establish that an previously unknown channel, open during an actual election, is available. It doesn't necessarily mean anything wrong was occurring, but it does mean that it's possible for something wrong to happen. For something as important as our democracy, I demand the highest levels of security. Trusting a private company with strong political ties to do the right thing seems stupid.

      You think, maybe, the voting machine pushes its data to a repository and defined intervals? Maybe? kinda?

      Hmmm, I'd really rather not have my voting machine sending its vote information to a private company in the middle of the vote. Again, as mentioned in the article, by law you cannot count the votes until the polls have closed. Making the numbers available to an outside party isn't allowed. (This is, of course, why there are exit polls instead of the networks just hooking up to the poll computers for up to the minute totals.)

  • by Henry V .009 (518000) on Thursday September 04, 2003 @04:04PM (#6872290) Journal
    As the next President of the USA, I promise to make fixing this problem one of my top priorities.
  • by Arslan ibn Da'ud (636514) on Thursday September 04, 2003 @04:04PM (#6872293) Homepage
    Are you kidding? If the vote is this easy to rig? Congratulations, CmdrTaco, you've been elected!
  • by Anonymous Coward on Thursday September 04, 2003 @04:05PM (#6872309)
    Great, now we'll have people cruising by with cantennas and VoteStumbler trying to get extra votes in for that black guy from Hackers
  • by Hayzeus (596826) on Thursday September 04, 2003 @04:06PM (#6872321) Homepage
    So that means if they can pull the information in, they can also send information back into those machines.

    Not necessarily. Just because a resource can be read from doesn't mean it can be written to. With proper design...

    Oh -- we're talking about Diebold? Nevermind...

  • by Houn (590414) on Thursday September 04, 2003 @04:07PM (#6872330)
    The general public and opponents of electronic voting will use this as "proof" that e-voting can never be stable and reliable. I fear that any blunders we have now may severely cripple public perception to the point that the masses won't WANT to e-vote, despite the ease and efficiancy such a system could provide. I also fear that we won't be able to EVER make an unhackable e-voting system - humans are falable creatures, and with something so obvious a target, there will always be attacks launched against it to expose the inevitable weaknesses, with resulting bad press.

    Every technological setback may end up as another knife in e-voting's back. ...then again, maybe the public will get used to crackable e-votes. I mean, what, 95% of them run Windows unpatched, right?
    • I live in Brevard county -- in FLORIDA! Out voting system works just find, and is a mixture of old and new technologies. We mark on a paper with a felt-tip pen. Just fill in the little bubble. (remember those tests in school?) Then, a machine reads in the paper.

      The advantages of a system like this:
      1) Electronic results for easy/fast counting
      2) Original ballots retained for recounts.
      3) User interface is familiar to anybody who has ever been to school.
      4) No hanging chads.

      My complaint with the all-elect
  • Dammit, (Score:3, Funny)

    by SmurfButcher Bob (313810) on Thursday September 04, 2003 @04:07PM (#6872338) Journal
    ...next thing you'll know, we'll get an actor elected as president.

    Thank god the DMCA prohibits the disclosure of this type of info, because if anyone finds out... we'd be screwed.
    • Re:Dammit, (Score:4, Insightful)

      by RobotRunAmok (595286) * on Thursday September 04, 2003 @04:21PM (#6872552)
      ..next thing you'll know, we'll get an actor elected as president.

      Those were the good ol' days, kid. Small government, wars that ended, and a Commander-in-Chief who kept his trousers on while working.

      Come to think of it, the music was a lot better back then too, wasn't it?
  • by The_Rippa (181699) * on Thursday September 04, 2003 @04:07PM (#6872339)
    The following names were found in the data...

    Edgar Neubauer
    Prudence Goodwyfe
    Mr. and Mrs. Bananas
    Humphrey Boa-Gart
    Snowball I

    As expected they all voted for Sideshow Bob
  • by Angostura (703910) on Thursday September 04, 2003 @04:09PM (#6872376)
    OK, now there are some pretty serious implications if the files described in the transcript are what they appear to be. However, I have to say, I'm not that impressed by the quality of some of the reasoning:

    ... you see, a modem is always two way. If you can pull the information in, you can also push it back through the pipeline the other direction. So that means if they can pull the information in, they can also send information back into those machines.

    What is wrong with this picture? And if nothing is wrong why can't I edit the Slashdot home page?

    • What the author means is that, if communication in one direction is possible, communication in the other direction is also possible. These are closed systems; if it is network aware enough to send a file, it may also be aware enough to recieve a file, thus altering the voting record, and there is no way we can know about it. I believe his point is that the machines themselves should not be connected while voting is taking place.
    • What is wrong with this picture?

      If there was some kind of "read-only memory," I'm sure they would have given it a name by now.
    • I really wasn't trying to be funny there guys, I was trying to point out that a potentially really serious issue will not be taken seriously if people aren't a bit more precise about the nature of the risks.

      You don't want someone to take the last section as I have and conclude 'scare mongering rubbish'

  • by pmz (462998) on Thursday September 04, 2003 @04:10PM (#6872391) Homepage
    Unless an electronic voting method can be proven (in the mathematical sense) to be accurate and secure, we probably are much safer from fraud using pencil and paper in a highly distributed voting scheme.

    Perhaps a few precincts can be corrupted with paper voting, but the whole nation can be corrupted with electronic voting. What moron puts a wireless adapter on a voting machine, anyway?

    Voting is a fundamental exercise in any democratic system. I think being very cautious and conservative is justified, here. Chasing electronic voting for its own sake is simply foolish. It almost seems the push for electronic voting is due only to hungry contractors trying to make a dime for themselves. The 2000 Florida vote is merely a red herring in all this.

    • by Ethelred Unraed (32954) on Thursday September 04, 2003 @04:54PM (#6872977) Journal
      I really don't understand why voting should be electronic -- it is far more open to large-scale abuse than paper (pretty hard to convincingly fake millions of votes on paper, damn easy to change a block of data).

      Speed in counting? Who needs it? It's not like the offcials take office the day after the election anyway -- hell, the President has to wait two and a half frickin' months. Why the rush to have an instantly-countable system?

      Furthermore, in many other large-ish countries (such as France, the UK and Germany), voting is still done by making a big honkin' X on a circle next to the name of the guy you want. And no, it's not a bubble form that has to be filled in just right -- just make your damn X as sloppy as you please. No hanging chads, no network to hack, no problems reading it. And they still have the results in by the morning in time for the early papers.

      So why have electronic voting again?

      Cheers,

      Ethelred

  • by McAddress (673660) on Thursday September 04, 2003 @04:11PM (#6872401)
    1.Break into voting machine
    2.Change votes
    3.??
    4.Profit!
  • by tunesmith (136392) <siffert AT museworld DOT com> on Thursday September 04, 2003 @04:12PM (#6872421) Homepage Journal
    Don't just complain, act: There is a bill in Congress introduced by Rush Holt, D-NJ. It is called "The Voter Confidence and Increased Accessibility Act of 2003". It is H.R. 2239. It currently has 29 cosponsors and needs more support. The Summary page is here [loc.gov]. The press page is here [house.gov]. Congress is in session again now. Contact your Congressperson and demand they support this bill. It would require a voter-verifiable paper trail.
  • by szemeredy (672540) on Thursday September 04, 2003 @04:13PM (#6872434) Homepage
    This does not surprise me.

    The only way people are going to get a wakeup call is if a group of people got a database of eligible voters from local precincts complete with whatever data is necessary to fake a ballot, go into said precincts, and make it look like some unknown Non-Democrat/Non-Republican party candidates (who wouldn't have won anyways) won the election.

    Alternately, it would humor me if some "terrorist" organization used this hole to severely screw up the vote by mass-wiping voting terminals/databases.

    BTW: How would someone catch this before it's too late? Most precinct staff are volunteers, and they definitely can't see who voted what...
  • by Eberlin (570874) on Thursday September 04, 2003 @04:20PM (#6872528) Homepage
    // Voter Validity Checks if voterID is an int
    // If it is, then dude, it must be valid!

    voterIsValid = KindaVerifyVoterValidity(voterID);

    // A switch would be better but the way I
    // see it, there are only two candidates:
    // the one I want to win and "who cares"

    if(vote > 1 && voterIsValid == True){
    vote_for_my_candidate++;
    vote_for_whoever = GenerateRandomNoise();
    }

    I call shenanigans!!!
    (go home and get your brooms!)
  • by Lulu of the Lotus-Ea (3441) <mertz@gnosis.cx> on Thursday September 04, 2003 @04:22PM (#6872563) Homepage
    I posted a comment on a related thread mentioning the project I am involved in, EVM2003 [sourceforge.net]. We had a slightly rocky start, as project do, but things are underway.

    The idea of EVM2003 is to create Free Software voting machine, and to implement machines that also produce voter-verifiable paper trails (i.e. visually readable printed ballots). We will do a number of security things right, where the commercial companies have done them wrong... they have aimed for "security through obscurity" or "just trust us." As well, part of our requirement is to have fully blind-accessible voting that maintains complete anonymity.

    Anyway, I (David Mertz [mailto]) have taken over as Developer Lead recently, and am trying to get the development of the demo rolling. Part of that effort is recruiting some more developers, and splitting the project into several only loosely connected parts. Feel free to contact me--the standard ballot system (in the demo version at least) is being done in wxPython; but conceivably we would choose other languages/technologies for bar-code reading, printing, blind-voting, etc. (my preference is to use Python though, for consistency and rapid development).

    • You should do this in Java, not Python. Why? Java has a solid security implementation, it's able to recognizing signed binaries, and it's backed by Sun and IBM among others. Nothing against Python but those 3 points are pretty damned hard to refute in an implementation that's all about trust. A runtime compiled based solution that cannot be signed will simple not be considered this type of application. That said, it's your project, this is a suggestion, mod it into oblivion or do whatever you want with it.
  • by hottoh (540941) on Thursday September 04, 2003 @04:27PM (#6872633)
    Point is paper is a PITA. However, it is substantially more difficult to compromise a physical ballet than electronic data.

    A paper trail is comparatively expensive, but worth its enduring characteristics in recording a vote.
  • by t0qer (230538) on Thursday September 04, 2003 @04:30PM (#6872674) Homepage Journal
    Harris told Democracy Now!: "We now know that the machines that they're making that count the votes are not secure from tampering. And add to that, we've got a situation where everything inside the machines is secret, we're not allowed the see how they count the votes. So this is not an acceptable situation."

    I know! I checked out the souce code from the h4x0r3d FTP site. In fact, I even recognize the hardware it was written for! (Atari 800) It was written in atari basic. The offending code looks like this.

    35 if gwb algore then goto 40
    37 goto 45
    40 gwb=gwb+(algore-gwb)
    45 goto 10

    You can tell by the line numbering that this was put in as an afterthought. Ya I bet those bastards didn't think anyone could still decipher archaic line numbers and goto statements of atari basic, BUT IM STILL HERE HAHAHA!

  • by stretch0611 (603238) on Thursday September 04, 2003 @04:55PM (#6872988) Journal
    1. Make the entire system end-to-end open source. This way any alleged abuses can be found in the code. (or proof that they do not exist in the code)
    2. Force everyone to use the same system. Develop it at a national level for use at every local level. This insures everyone is using the same thing and that there are no advantages in one juristiction over another.
    3. Use separate systems for voter registration/verification and voting. The first system should allow a person to use any voting facility in his juristiction and function like the log books. It will verify that a person only votes once. It can be hooked up to a WAN so that he can not leave and vote in another polling place. When he is signs in he is given a keycode to access the second system. It should be a unique keycode that can only be used to vote once and not tied back to his/her registration. With a valid keycode you log into the voting system and exercise your civic duty. When the transaction is complete your voting choices are stored with the keycode. Because the keycode is not tied to the registration your anonymity is preserved.
    4. When the polls close, the number of votes are compared to the number of keycodes assigned for verification. At this point a phone or network jack can be connected to the voting computer for transmission of the results.
  • by ragingmime (636249) <<moc.oohay> <ta> <emimgnigar>> on Thursday September 04, 2003 @05:09PM (#6873200) Homepage
    This page [diebold.com] on Diebold's website mentions that "Election results are securely stored utilizing world-class encryption techniques." As far as I can see, that's all they tell you about their encryption. Does that mean it has the same 128-bit encryption as, say, Mozilla? (Which, I suppose, is still pretty darn secure, but probably not "world class.") Is the "world class" bit is just marketing hype? Diebold doesn't say anything, which makes me a little nervous.

    And what about their wireless security? You can store votes in a steel box protected by voracious bears, but if they (the votes, not the bears) aren't protected on the way to wherever it is that they count them up, it doesn't make much of a difference. (I'm assuming here that that is what the wireless networking is used for). Is Diebold using WEP, which can be broken in a couple of hours? Unless Diebold has adopted WPA early (which, given their track record on security, I kinda doubt), some schmuck could sit in his car outside the polling place and run a wireless packet sniffer on whatever traffic is being sent.

    The way that Diebold seems to be hiding information on its machines' security is disturbing - you'd think that if they had solid software they'd talk a little about it to impress potential customers, rather than just making vague blanket statements. Given everything that's happened, though, that's apparently is not the case.
  • by spun (1352) <loverevolutionary@nOSPAM.yahoo.com> on Thursday September 04, 2003 @05:12PM (#6873236) Journal
    Maybe the powers that be fear people will demand true participatory democracy when they see the power of electronic voting. If it were made easy and secure, people could vote directly on the issues that effect them, rather than employing politicians look after their interests. I live in California, and yes, ballot initiatives have lead to some wacky laws, but not nearly as many as politicians themselves have made. I don't buy the argument against direct democracy: that voters can't be trusted to lead the country. If people can't be trusted to lead themselves, how can leaders be trusted to do it? Kang and Kodos notwithstanding, aren't politicians people too? By scaring everyone into believing that electronic voting is inherantly insecure, people will never embrace a technology that could give them more direct control over their government. /me removes tinfoil hat.

  • by utexaspunk (527541) on Thursday September 04, 2003 @05:18PM (#6873286)
    this is really frightening, and must be stopped PRONTO. The computer may be useful for helping people to fill-out/print the ballot, and for rapid counting. But, as has been said a thousand times already, there must be a paper trail.

    Better yet, I think the bureau of printing and engraving should make some fancy counterfeit-resistant ballots, each printed/embedded with a unique serial number in a place where everyone can keep an eye on the process.

    After the election, any unused/mismarked ballots must be accounted for. The ballots should have a matching stub with the unique number and what they voted for that the they can take home with them and may at any time go to the county clerk's office to verify that their ballot is still recorded as having said what they thought they said.
  • by TyrranzzX (617713) on Thursday September 04, 2003 @05:20PM (#6873305) Journal
    If they have electronic voting, demand a ballot and don't go away until you get one. Make sure to make a scene and talk loudly about how you heard the machines were insecure on slashdot and how the situation in Nebraska is fishy and how you won't use the machines becuase they are rigged. If you can get a mob together to go and screw up the machines beforehand, that'd be better.

    Seriously, I'v had my fill between corperations and the goverment. When I goto vote next election, if they have electronic machines made by any of these fishy companies with no paper trail, I'm getting a chainsaw and spraypainging "democracy" on the sides, throwing on a nasty nasty chain, hiding it in a trombone case, getting in a buisness suit so I look like a hurried musician, and when I get in the building, I'll start the puppy up in the bathroom or some consealed area, run out screaming "You want democracy, I'll give you democracy!!! Lets do this by paper!" and rip the machines to hell.

    Do I care about the prison time? The better question is, what jury on earth is going to convict me? >:) Especially if I proove that my motives were justifyable, there's something fishy going on and the goverment is bieng fishy, denied me a printout of my vote and ballot, and make it a point to tell the jury they don't have to convict me. Plus, I'll make national news for sure, a psycho running into a voting area with a chainsaw and ripping all of the boxes to shreds? You'd bet that it'd get all over the god box.

    Sure, I'll take it up the ass a few years in jail and have a felony conviction to ensure that the voting system isn't rigged. Besides, I'm sure it'll look GREAT on a resume!
  • FTP timestamps? (Score:3, Interesting)

    by JeffSh (71237) <jeffslashdot.m0m0@org> on Thursday September 04, 2003 @05:42PM (#6873537)
    FTP Timestamps are added by the FTP server. the FTP protocol only transfers the contents of the file, and then recreates that file in the native file system. since file modification dates are /not/ part of a file, but part of the file system, this information is NOT PART OF A FILE DURING FTP TRANSFER

    this means that whoever put the file there, put it there during the daytime. it doesn't mean the file was transferred off a voting system during the daytime.

    that said, i still have concerns about voting machines with a wireless interface.
  • by washirv (130045) on Thursday September 04, 2003 @05:49PM (#6873602)
    consider this: the ceo of diebold is a strong supporter of bush (nothing wrong with that), and he sent out a fundraising letter [ohio.com] proclaiming that he was "committed to helping Ohio deliver its electoral votes to the president next year."

    now let's talk conspiracy theories

  • by holzp (87423) on Thursday September 04, 2003 @06:04PM (#6873763)
    Everybody knows the proper way to hack an election is legally through the Supreme Court, not with computers, duh.

"If that makes any sense to you, you have a big problem." -- C. Durance, Computer Science 234

Working...