Election Officials And Crackers Challenge Diebold 219
Rick Zeman writes "The Washington Post is reporting that election officials in Florida have manipulated election results in controlled tests. From the article: 'Four times over the past year Sancho told computer specialists to break in to his voting system. And on all four occasions they did, changing results with what the specialists described as relatively unsophisticated hacking techniques. To Sancho, the results showed the vulnerability of voting equipment manufactured by Ohio-based Diebold Election Systems, which is used by Leon County and many other jurisdictions around the country.'"
Surprise, Surprise, Surprise!....NOT! (Score:3, Informative)
North Carolina had the same problem with their voting machines (http://www.techdirt.com/articles/20051130/112120
The only new thing here is the current state finding Diebold non-compliant.
Insanely poor program architecture (Score:5, Informative)
If I prepared work like that for a client, I'd expect to get chucked out by security.
I'll also note the following:
a) Diabold say that a paper trail is not needed for security, but provide one on their own ATMs. Apparently independent verification of election results is less important then $$$ transactions.
b) Both local and remote vulns have been demonstrated on their voting machines, but the ATMs have not been pwned.
c) Diabold refuses to let the source code be reviewed, and chose to run on Windows XP so neither the program or the OS of the box can be verified safe.
d) Diabold machines can have the vote totals rewritten on their memory sticks as they do not cryptographically sign or encrypt the totals. That's plain text on a card that can be removed from the machine and has a standard file format.
e) Diabold security is fucked whether or not they put the same code they have tested on the box. With tested, verfied boxes they cannot add XP security patches for known flaws after te verification date (and if there is one thing worth keeping an 0-day for...). If they do add security patches etc then we are trusting closed source biaries to be added to election counting machines without the possibility of review. One bad actor and the elecetion is up for grabs.
No thanks. I'm not usually a conspiracy theorist but is is as if they were designed to be broken into.
Would a BSD box with one simple program, output to the framebuffer, a results paper trail and a constant SSH tunnel to the FEC be that hard? *sighs*
Fuck Diabold.
The guys in power don't care. (Score:3, Informative)
Fact is, CEO's and friends of voting machine companies get into power. Why? Guess. It isn't the 20% of the vote they need to swing; it's the 6% after they've divided everyone on the issues. Voting laws and policys are consistantly broken, and is anything done about it? The answer lies in the question; Has anyone been taken out of power yet? Dictatorship only works if people are divided; if they stand for something and stand by it for hell or high water.
And I might, just might give credit to the guys who said "well, it's stil the will of the people" if it weren't for that they can't prove their position since there's nothing for them to count. The election board can't even tell them who voted for who so they can go around asking people.
Of course, the best way you can tell the government you don't like what you're doing is to decide you stand for something and stand for it tall. I personally chose the constitution; it ain't perfect, but it's something everyone can agree on. Of course, ever since the civil war and reconstruction the constitution's layed dormant. To make a long story short, if you want to get rid of the current government, the best way is to simply stop working for them; stop giving them your money. How do you do that? Well, basically the 14th amendment set you up to be a federal citizen by the name of a "U.S. citizen" and social security turned you into a corporate legal fiction so that income tax, which worked only on corporations, now works on you. How do you get out? You rescind your federal citizenship, declare your citizenship of your state as it was before reconstruction, rescind your birth certificate (to remove proof of being under the 14th), rescind your social security (to correct your status as a soverign instead of a corporation), then begin rescinding everything else; drivers lisence, fishing lisences, gun lisence, any contract with the federal government and it's munincipal corporations (read; the states are corporations). You can get a non-binding play-ID from the SS office if you want to get a bank account, for example. Then you simply stop paying income and social security taxes, atwhich point you stop giving the government 30% of your income and begin working to reinstate lawful government in your state via holding elections and office and organizing locally. More to the point, if enough people do it quickly enough, the federal government will have about 10 trillion in debt to pay off, and no way repay it back which means a massive collapse.
The price? Reading a few books; learning how history, governments, and legal documents work. Mabye $500 in books total. A good place to start is here:
http://www.usa-the-republic.com/revenue/true_hist
Do a find for john ainsworth and ed wahler on this page
http://mp3.rbnlive.com/Stadt06.html [rbnlive.com]
They've been preparing a book and an organization to do this on a massive scale. The book comes out in march-ish along with the publicisation of the startup and they hope to do it state-by-state.
Re:The guys in power don't care. (Score:1, Informative)
http://yro.slashdot.org/comments.pl?sid=174700&ci
Re:Umm (Score:3, Informative)
I'm not sure what the grey ones are - possibly articles in other sections that wouldn't otherwise make the front page (as someone else suggested).
Have a look at your preferences - there's a new part in the front page section that lets you choose whether or not to display the grey bars, or whether to show the full stories for all, grey bars for all, etc.
Not that sort of paper trail (Score:5, Informative)
The election officials keep the paper ballots, machine printed recepts that is, so that in the event of a dispute they can be hand counted. Since, theoretically, every voter looked at their recept and verified that it recorded what they truly intended to vote for, if someone hacks the machines and falsifies the votes recorded there, the paper ballots get the final say in the event of a dispute.
It also gives you a good indication of where the falsification of the electronic votes got started since you can say: hmmm, district 123 shows 4000 votes for candidate X on the computer, but the paper ballots only show 1000 votes for candidate X, who messed with the machines in district 123?
Essentially we're keeping the old paper method of vote recording as a backup in the event that its suspected that someone hacks the machines.
Re:The Bush family is the most corrupt ever. (Score:1, Informative)
Weak. (Score:2, Informative)
Diebold is a fine example of how the small-mindedness of some people manifests itself. Particularly, it shows that proprietary softare and oafish business practices are next of kin.
But it has nothing to do with President Bush.
You defend Moore's dishonesty, but tout Diebold's ineptitude as evidence of President Bush's alleged corruption because his brother is governor of Florida?
That's some strained reasoning.
Re:The Bush - Osama link (Score:3, Informative)
That's funny, it was strong enough of a point for the Bush administration, they had a citizen of Canada "renditioned" to Syria for more than a year [www.cbc.ca] for working with the brother of a known terrorist.
Someone already is. (Score:5, Informative)
There's an organization called the Open Voting Consortium [openvotingconsortium.org] whose mission is "the development, maintenance, and delivery of open voting systems for use in public elections." They are directly opposed to the shenanigans that Diebold has engaged in.
Problem is, they spend their donations on actually developing the system, not in paying off Congressmen to give them lucrative exclusive contracts. Still, one can hope that it changes someday. (And donate to support the effort...)
Re:Paper trail is a red herring. (Score:3, Informative)
A standard should be set for the ballot and the voting software's capabilities, and then several companies' equipment set up at every station. In fact, if these all generate a standardized paper ballot, then the counting process could (and should) be completely divorced from the voting process, perhaps even an additional vendor could deal with this task. Increasing the number of vendors perhaps increases the risk that one will act in bad faith, but decreases the damage one such vendor could do. I mentioned in a post in an article some time ago how this kind of setup could help guarantee correct results without devolving to random manual recounts, by simply requiring all machines to produce a machine-and-human readable ballot, with these ballots machine sorted and counted. Should there be any question of whether the sorting machine is correct, one must only flip the ballots like a flipbook and watch the line in question, any improperly sorted ballot will be easily caught. Should there be a question of the counting machine's integrity (this would be hard to do, since a stand alone counting machine should be unable to know what is being counted at any time) then a different counting machine could be substituted. This leaves incompetence and malice in the human component, and with oversight from independent election observers, the risk of the latter can be reduced. Counting ballots before sorting and comparing the total to the grand total of sorted votes will cut down on chances of the former causing someone's stack of votes to be accidentally lost.
Old news (Score:3, Informative)
--Paul
Disclaimers: I have been working with the good folks at TrueVoteMD.org [truevotemd.org] to get the d*mned things banned in Maryland, my home state; I'm also a plaintiff in a lawsuit in Maryland that seeks to force the Maryland State Board of Elections to follow exsting state law and get rid of them.
Re:Weak. (Score:1, Informative)
You say that Diebold's ATM machines haven't been broken, and not for lack of being a juicy target. You're right, an ATM machine might be a juicy target. But you would have to know way more than the workings of Windows XP in order to extract cash from them. But the main reason you haven't seen them broken into? Because they're not on the Internet. The banking ATM network is a completely separate network, or so I have been told by a friend who is the IT manager at a local bank. There's the Internet, there's the bank's internal network, and then there's the ATM network (not to be confused with the ATM protocol).
But just to show how secure Diebold's ATM machines are, take a look at this article: Nachi worm infected Diebold ATMs [securityfocus.com]. These guys *ARE* a bunch if inept oafs who have no businesses in the banking or voting industries.
Why paper ballots don't work in the US (Score:3, Informative)
In 2004, here in Columbus (Franklin County, Ohio) we voted for 57 different offices, judgeships, city/county/state initiatives and referenda. If you multiply that out by the 590,000 votes cast, then you see why electronic balloting is a necessity.