Observer Pans Touchscreen Voting Test 278
riversidevoter continues: "WinEDS, the program that is used to count votes, was only tested in a pre-election mode. The software was not tested in the configuration that it would be in on election day.
In addition to that, people signed a form that said that they had verified the results of the test before the test had finished running. Mischelle Townsend, the Riverside County Registrar of Voters, told Salon that the form that people signed was just an attendance form. But the form clearly states 'We the undersigned declare that we observed the process of
logic and accuracy testing of voting equipment performed by the Riverside County
Registrar of Voters, as required by law and that all tests performed resulted in accurate
voting of all units tested, including both touchscreen and absentee systems.'
You can see a copy of the Salon article here. You can see a copy of the form that people signed here.
I also believe that the observation group that witnessed the test was given a misleading description of Sequoia's system. For example, the fact that the votes are transferred from the DRE to a SQL Server database to be counted was never fully disclosed to all the members of the group.
Also, the sheer number of times that the phrase 'proprietary operating system' was used, among other things, helped to create the impression that Sequoia's system is not as reliant on Microsoft Windows as it really is.
I have created a website about this issue; please take a look at it.
On the website you can find my report on what happened that day (which outlines several problems I haven't mentioned in this posting) as well as some supporting documents. There is a letter and a note from Mischelle Townsend in which she mentions mailing the results to people or having the test results be picked up 'afterwards'...."
Unfortunate. (Score:5, Insightful)
Oh man... (Score:4, Insightful)
Re:Oh Boy.... (Score:3, Insightful)
this is the most serious threat to America (Score:5, Insightful)
Since the most basic steps to provide security are not provided here, it is clear that the intention is to make a system that has completely compromised the validity of US elections. For some reason the mainstream media has not taken note of how serious an issue this is. The people involved in the current electronic voting plans can not be trusted AT ALL. They either want to subvert the voting process themselves, or want to create a system that is easy to subvert at a vastly lower cost than current systems.
What can be done to raise awareness of this issue? How can people be convinved that we need elections that are not trivial to subvert? Is the American public so apathetic as to make this an impossible task? Are we completely doomed?
Known OS to hackers (Score:4, Insightful)
The old question/answer "Why did you do it? Because it was there." tells the story of what will happen regardless of the OS chosen.
I'll admit that the script kidz may be able to hack-the-vote with a MS SQL server backend but I would hope that the network used (or whatever format of data transfer) would be a little more robust that a windows box in a DMZ.
But I'm sure that with a few days of coding it could be released from the bonds of M$... it is just SQL, right?
A piece of paper and a big X (Score:5, Insightful)
Sure, it may take a few hours to count all the votes, but they're verifiably countable and recountable, and seem good enough for most of the other countries in the world. Why does there have to be an electronic solution to this non-problem?
Seriously (Score:4, Insightful)
Re:Unfortunate. (Score:5, Insightful)
Re:Accuracy could be easily assured... (Score:5, Insightful)
Use the computer to help the voter prepare the ballot, print it out, and then have the voter hand carry it to the ballot box.
The computer can keep a running tally, but at the end of the day if the tally does not match a hand count of the box contents, then the ballot box is the only correct representation of the will of the voters.
It is easy to teach the average monkey to keep an eye on the ballot box for tampering, and to hand count the contents. Teaching the average monkey correct computer security skills is impossible, so that source of problems must be factored out.
Paper and Risk Assessment... (Score:4, Insightful)
That physical record of a vote is a crucial piece of evidence -- if there are no physical records, that's one less thing for any "bad guys" to have to worry about. It's one less audit point for any corrupt party.
With the input and compilation of data all within the same system of computers now, corruption can happen at any step -- input, processing, reporting, or combination -- with no "independent" physical record to be audited that might expose the corrupt results. Imagine a zealot programmer hacks a kiosk and tells it to re-write the votes after confirming it with the voter. The number of voters on the register would match the number of votes cast, so this would be difficult to discover -- there would be no physical records, which can be re-tabulated independently of computers.
Elections are high security risks, historically. Paper is not inherently evil. Just because paperless systems are possible, doesn't mean they're preferable. The more physical evidence, the better, I say...
Never implement a high-tech solution... (Score:3, Insightful)
Or even: If it ain't broke, don't fix it.
Yeah, that's the one. Cards work good.
Re:Paper and Risk Assessment... (Score:4, Insightful)
It's a piece of evidence that has to be stored by a process and made retrievable to the public. If any step of the process is violated (say, by someone trying to tamper with or destroy the evidence of the votes themselves), it points to the responsible party. That's what a good process does.
The purpose of electronic voting (Score:2, Insightful)
It has to do with recounts. The purpose is to have a system that will always give the same result after every recount. Recounts make people unhappy because the result is never the same, so people assume the the mistakes continue to exist and are in favor of the other guy. We want the voters to be happy.
Anonymous? Hell no... (Score:5, Insightful)
1. CREEP announces that they'll give $200 to anyone who votes for person X
2. Joe Public says "OK, I'm in"
3. Joe Public votes for X and remembers his PIN number
4. Joe Public goes to the local CREEP office and tells them their PIN, their VRN, and who they voted for
5. CREEP, using the freely-available hash function, creates their hash using the supplied information
6. CREEP then checks the list and sees if the vote was recorded
7. If yes, $200
Now replace "CREEP" above with "The Mafia" and "$200" with "the life of your family." Now you see the problem.
My proposed solution has always been the following:
-Vote on a computer (with a well-designed interface), which records votes and prints out a receipt with the name of the candidate and a simplified 2D barcode on it.
-Have a poster on the wall inside the boot saying "if you voted for X, your barcode should look like this"
-Deposit the recipt in the ballot box on the way out, as usual.
This allows us three counts: the machine, the barcodes, and the names. Any political party can request a count based on the barcodes, and if it's close they can get one based on the names on the ballots. As far as I can tell, this system is - at worst - no more prone to fraud than the current paper-based one. And you can't buy votes, since no personally-identifiable information is stored on the receipts (which voters can't keep anyways).
There's probably a logic gap in my solution: any suggestions?
Re:Not to rain on your parade, but... (Score:2, Insightful)
It isn't even necessarily the problem of crackers breaking into the system and tampering with the votes. you don't have to be connected to the Internet to be vulnerable to errors. Maybe you've been lucky and never gotten a BSOD.
Since this system apparently isn't well tested, there is nothing to indicate whether it will fail or not. As an alternative to remaining in the "ignorance-is-bliss" state, he seems to advocate more thorough independent testing, so we can be sure that the machines are capable of what the vendors say they are.
Re:Not to rain on your parade, but... (Score:3, Insightful)
What are my qualifications for making these judgements? Well, twenty years of software engineering experience, for one thing. You can look at my resume here [exit.com] if you want more details.
I don't know Jeremiah's qualifications, but in my professional opinion, his conclusions seem sound. At the very least they raise serious questions about the methodology used for these "logic and accuracy" tests, questions that should definitely be answered before the Diebold devices go into service.
Too bad they are already in service. Oops.
(Oh, and thank you to those who have been kind enough to donate to the upkeep of the site. Being out of work makes life a tad complicated and every little bit helps.)
Re:Accuracy could be easily assured... (Score:2, Insightful)
Some of the Diebold people arguing against printing copies are mumbling about the expense of printing, but that's a load of marlarky. They don't need to print much information, only the candidates that the voter actually selected, and the others can be ignored. In addition, the machines already have printers, because certain reports have to be produced in any case. Ink and paper are really trivial expenses--the big cost is support to make sure the machines keep running properly during the election, and that expense is going to be there no matter what.
Of course, in the case of contested elections, there are some extra costs for checking, but it's crazy to argue that any system is so perfect that there will never be any reason to check it carefully. Especially with something like elections, where the stakes are so high.
Re:Unfortunate. (Score:5, Insightful)
Re:this is the most serious threat to America (Score:4, Insightful)
Okay, I don't mean that literally, but there is a world of difference between knowing that something is a machine and having any idea of how it works and how it interacts with other machines, and how that interaction may affect you, personally. How many individuals do you know that are perhaps computer literate to a degree, but depend entirely upon someone else to handle the inner workings of their systems? They have no choice but to accept the word of their local computer expert. Unfortunately, when that "expert" is on TV singing praises for the latest, greatest electronic voting system people will be inclined to accept what he says.
You and I and the majority of Slashdot readership may understand the fundamentals of computer and network security, but the vast majority of Americans do not. This doesn't make them stupid, it just means that they aren't computer experts. There is simply no reason that citizens should be required to be expert in such an arcane field of knowledge just to be confident that they are casting their votes the way they think they are. It is an affront to ask Americans to risk giving up one of their most cherished rights in exchange for speedier election returns. I mean
My feeling is that with something this vital to our future, we should simply stick to basics, to something that Joe Citizen does understand and accept. After all, this isn't a nation of technojocks, it is a nation of all kinds of people, people that have a right to cast their vote and have it be counted (properly!) A paper ballot may be low-tech, but it does the job perfectly well, and is a damn sight harder to subvert than any electronic voting system will ever be.
The voter should cast a human-readable paper ballot as he has done for over two hundred years. It works, its been time-tested, and I've not yet heard a government official give a definitive answer as to why we need to change. If it is proven desirable to have an "electronic voting system" involved in the proceedings, the system should scan the vote already officially cast (and recorded!) on the paper ballot. In other words, the computer should simply be a tabulator, not the official legal repository of our votes. They can keep their touch-screens.
Re:Oh man... (Score:5, Insightful)
Who moderated this statement as "Flamebait"? It's absolutely true and I hope you get metamodded to hell.
Newer does not always equal better. Touch screen voting is not even a solution looking for a problem. It's a problem posing as a solution looking for a problem. It's so absurd. Advances in technology are not automatically a good idea. They should solve more problems than they create.
Is there really a need for computerization here? People who would scoff at the idea of robotic prostitutes will blindly accept the idea of computerized voting simply because it gets computers involved in the election process. Why is this automatically considered a good thing? People see pretty colored lights and they think it means their vote is safe and secure. It doesn't. It merely implies that the votes can be tallied more quickly than before- at the cost of a greater risk of fraud. But elections are held in November. Elected officials take office in January. This gives us two months to count votes, which means we should be optimizing for accuracy, simplicity, reliability, and verifiability. Not convenience. Not speed. Computers should stay the hell away. People perceive this strange need to make elections "modern" to avoid disenfranchising voters, and it makes no sense.
Is it such a hardship to live in a country that counts its votes slowly? What was wrong with punched cards? They actually performed very well in Florida, which was an extreme test of any electoral system- to a resolution of a few hundred votes. Most elections don't fall that close to a tie. And you certainly didn't need to worry that someone stole your vote. Touch screens are devices for disenfranchising voters. The original poster was right. Electronic voting should be unconstitutional.
Some things do not need to be optimized for speed and efficiency above all other concerns. Sex is one of them. Elections are another.
Re:this is the most serious threat to America (Score:3, Insightful)
I'm personally more concerned with the indifferent attitude of the various companies involved, and the (apparently) poor quality of their products. Regardless of whether you feel that Americans are apathetic towards voting, the fact is that it is an important process, too important to be left in the hands of incompetents. And they can sue me if they like: I have enough legal guns in my family to withstand it and make a few bucks besides. I'll put it toward's the parent's legal defense fund.
And let me add that, given the state of the world today, if you honestly feel that there aren't people and organizations that are salivating at the mere thought of transparently influencing the U.S. election process, then you are the bigger fool. There are many, many people who see nothing wrong with giving millions of dollars to a favored political candidate in a naked attempt to influence the outcome of an election, because they feel that would benefit them, personally. I don't doubt that a certain number of those would pay to have election results altered more directly, with no obvious connection to themselves. And that is only one possible scenario: I'm sure a few foreign powers would like in on the bidding as well.
The point is, yes, it can happen here, and probably will if we don't take at least some basic steps to prevent it. It's not like election fraud hasn't occurred with monotonous regularity in the U.S. Heck, I live near Chicago, which has a long history of vote-tampering. Supposedly it's gotten better. Or maybe just better hidden. How can you tell?
Allowing companies with not the slightest clue about computer and network security to manage the election process, is well
My letter (Score:5, Insightful)
Recently, there has been a rise in the number of stories in the press surrounding the topic of electronic voting. I live in Oregon where we have chosen to vote by mail. At first, I wondered exactly why my State chose this route because electronic voting seemed to be attractive for a number of reasons.
After reading the various news stories and web postings present on various Internet web sites and forums, I have come to the realization electronic voting in its current incarnation is a highly suspect process.
The majority of voting machine manufacturers today wrap the inner workings of their machines inside contracts and licenses designed to cloak their products in secrecy. These cloaks when combined with the current state of intellectual property law make it difficult for the American people to understand and discuss the nature of the machines and their potential effect on the democratic process.
The American people need to engage this issue with all the facts at hand. The spirit of the law is not in line with the letter of the law in this case. The action of your students is commedable and worthy of your support.
"Those who cast the votes decide nothing. Those who count the votes decide everything." --Stalin
The right to vote is one of the founding principles behind our great nation. Changes to this process will have nationwide consequences on our society that we might not understand, but for the actions of a few people concerned about preserving the trust inherent to the core of the democratic process. These changes will affect each and every one of us and should not be made lightly or without due consideration of all the facts involved.
I urge you to consider the nature and purpose of the student actions along with the potential issues at hand before rendering your decision.
Respectfully,
( name )
Re:Oh man... (Score:4, Insightful)
Re:Unfortunate. (Score:2, Insightful)
--Stephen
Re:Accuracy could be easily assured... (Score:3, Insightful)
If you can't trust the main voting system, what makes you think you can trust the verifying system? Surely they could lie in concert?
Votes have to be human readable first, and computer readable second.
Re:The next revolution = voting. (Score:3, Insightful)
Depending on the legal implications of falsifying that record, it might ought to be scaring some pretty big fish. It depends on how official that document is, and what sort of rules that state has to govern such things.
Let's hope it's some ridiculously harsh prison sentence for the highest authority who knew or should have known the results were forged. We already have some names. I think the Attorney General should be getting bags of mail on this already.
Media silence (Score:3, Insightful)
However, if these machines are already in use, the next step would surely be legal action? Someone with the right to vote in an election should demand the right to cast their vote by means where there is proof their vote will be counted.
Re:Oh man... (Score:3, Insightful)
if computers do the job - great. but they -need- to be only used to simplify the creation of the physical ballot. just like the mechanical machines before them.
why not just have a touchscreen computer laserprint out a scantron-style form with the selected votes (computers allowing reviewing and undoing - -good- features) - and then just have the vote counters pass the ballots through a scantron machine to count them?
you have a count of voters who came to register so no one voter can cast more ballots than they should be allowed to, and the storage system is completely removed from the voter so that no malicious voter can modify another's ballot.
the ballots are machine made and machine read - there's simply no possibility of a 'hanging chad' type instance.
but regardless, there should be no databases for votes. no internet access. no network existing between voting machines.
and while i'm on the soapbox: IRV NOW!
Re:Civil Disobedience against DMCA and Diebold (Score:3, Insightful)
Although they do 95% of their voting using a more reliable technology (optical scan machines and paper ballot cards), they use the Diebold touchscreen units for accessibility reasons - it supports audio-only voting for visually impaired voters using a numeric key pad for navigation, etc.
So, here's how a Diebold engagement works for the touchscreen units. They send a representative up to program the units with the appropriate races, candidates, etc. They use a plain old windows workstation and an application that appears to be Visual Basic. This application stores election metadata in a MS Access or SQL Server database. This metadata is then transferred to the touchscreen units over a LAN. It appears to me that the touchscreen units are Microsoft CE boxes. Can't be sure about the database format they use on the touchscreen unit to store this metadata and the actual votes but I suspect they use Microsoft Access.
The Diebold staff provide a few hours of training for the staff who have to manage the machines. During the election, Diebold staff are not on hand, although they do show up at the end, when it is time to aggregate results from all of the touchscreen units. Diebold staff download the data from all of the touch screen units to a central aggregation point for which takes on the responsibility of totaling the results. Now, I know what all of you conspiracy theorists are thinking but note that election supervisors can print paper aggregate totals from each machine before this happens.
My observations:The touchscreen units do not have an administrators manual that election supervisors can use for the purpose of understanding how to manage these machines. When prompted about this, the Diebold representative replied that there were no manuals and that you shouldn't need them - "the machine is intuitive."
One of the things that the Diebold representative expected was within the realm of capability for non-technical staff:
- Put a PCMCIA Network card in the touch screen units & attach the appropriate ethernet cabling
- Assign the touchscreen unit an IP Address (FYI: DHCP was mispelled in their UI, I think it was 'DCHP')
- Specify the network address of the host machine (i.e., the workstation that has the election metadata)
- Provide the path name on the host machine to the election metadata file
- Download the election meta data to the touchscreen unit
I didn't actually fully execute this use case - it wasn't clear to me how this part would work & I wasn't prepared to do anything serious without a manual. Anyway, that, in my opinion, goes way beyond what a non-technical person is capable of doing themselves without a manual.That matter aside, my view is that machine is in general, not intuitive, as the Diebold rep claims. Although machine only supports somewhere in the neighboorhood of 9 use-cases for the supervisor user and none them involves more than a 2 step flow, it took me about an a couple of hours to figure out how to manage an election on it. Further, I wouldn't have been able to do it if it weren't for some of the cryptic notes that one of the election workers scribbled down about programming voter cards when the Diebold rep was running the training session.
My point: We need to trust election results. One important factor is that we have to have confidence that election supervisors are capable of properly administering this equipment. My view: limited training + no manuals + non-technical administrators = potential for disaster.