Diebold Election Audit Logs Defective 256
mtrachtenberg writes "Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'"
can we at the very least sue them (Score:5, Interesting)
for providing a defective product?
Re:Fraud (Score:5, Interesting)
life sentence.
seriously. one of the purposes of jail is to send a CLEAR MESSAGE that behavior such as this is not to be tolerated.
and no hiding behind corp names - individuals at the top of the company should do jail time. no debate about that - they must directly feel the pain for the LOSS OF DEMOCRACY we suffered.
200 yrs ago, give or take a few, people would be HANGED for this for treason. how is this not treason?
I don't agree with hanging but I do agree with a 20+ year jail sentence. let the CEO's of the world know that there are some things that are so holy, you JUST DON'T MESS WITH THEM. democracy and fair voting is such a fundamental thing.
a message should be sent. mandatory jail time with 20 years min. drug offenders who do FAR less damage to society are doing this today; why not punish REAL criminals for a change?
Re:Fraud (Score:3, Interesting)
One day the wrong group of folks will feel very disenfranchised, and will go all Athens, Tn [wikipedia.org] on 'em.
Deibold fakes physical addresses (Score:1, Interesting)
http://rawstory.com/news/2008/Diebold_offices_listed_in_yellow_pages_0222.html
Out of 13 listings in Florida, 5 turned out to be Wal-Marts. Similar office listings have been uncovered in Alabama, Mississippi, and New Hampshire. Since the office listings exist in each state and not just in Utah, it is probably unlikely that the corporate branch in every state is acting independently of each other.
Just a thought - why should they be trusted if you can't trust 'em to give real physical addresses to their offices?
Re:Fraud (Score:5, Interesting)
In which case the engineers who signed off on the thing and any executives who knowingly pushed defective gear out the door would be punished and sanctioned.
"Hold a voting machine to similar standards as critical care life-support? that's ludicrous!", some might say. But if a corrupt group of politicians could rig the machines to get into power and (hypothetically, of course) start a war and that would cause many more deaths than some spurious bug in some medical equipment.
Re:The real problem (Score:3, Interesting)
If memory serves, Diebold supposedly landed in the voting machine business by acquiring another company (name escapes me, but I imagine somebody knows what the name was.) As such it's possible that the group of people working on the "flawless" ATM machines are not the same group that worked on the voting machines.
Re:Fraud (Score:3, Interesting)
200 yrs ago, give or take a few, people would be HANGED for this for treason. how is this not treason?
Simple. When those in power change the definition of "treason" to "supporting terrorism" where the definition of "terrorism" has been changed to "voicing disapproval with government policy" and so on and so forth.
Old Version? (Score:3, Interesting)
Re:Fraud (Score:3, Interesting)
you want treason?
what about the statement on record from diebold saying they'll do "everything possible" to ensure the republicans get into office (years ago).
this raises doubt.
the trail of 'bad machines' raises the bar even more on doubt.
now, this company makes cash machines and from what I understand, they are exact to the penny. and thousands more people use these (per day!) than the once-every-few-years cycle of voting.
why can't they be held to their own data standards? a diff data standard for money vs votes? why would that be tolerated?
analogy time (no cars): if I see you are an artist and have painted amazingly accurate portraits of people and I hire you to paint one of me - and you give me a POS and say 'this is the best I can do' - you should be able to sue them since they have established a standard of quality they CAN meet and yet chose not to on a certain occasion. this is neglegence and could be fraud if it was intentional. the ceo's statement sure makes it seem like they have been intentionally doing Wrong Things(tm) for a while, now.
if it walks like a duck, .....
lock the CEO up. the buck stops somewhere. and include any gov officials that BOUGHT OFF on this. have them fired and their retirement bene's removed. that might be fair punishment for fucking up the voting system and allowing a bunch of gangsters to control who receives *counted* or tallied votes.
How hard can it be? (Score:5, Interesting)
Results are determined thus:
There are 6 counting methods available in this scenario (2 CDRs, 2 scantron auto reads, and (if needed) two manual reads).
All that needs happen is that 4 of the 6 counts match up. CDRs are almost guaranteed to match up, so that's two (and if they don't match up, there has been some type of tampering or system failure, and we move from the CDRs into the Scantrons). After that, if the two scantron autoreads match up to the CDRs within the margin of error, then we know that the votes were counted correctly (3 items were not reviewed by the voter, but those 3 items match up with the voter reviewed cards). If, after looking at these four counting options, we do not have four matches (One of the scantron autoreads doesn't match the other three, or one of the CDRs is corrupted or unreadable, etc.), we do the manual counts. If we do not have 4 matching counts at this point, the votes are not valid, and a revote is required.
Yes, this is an "armchair" analysis, and I'm sure has some holes in it, but how in the heck is an Access Database with VB triggers any better than this armchair analysis?
Re:Fraud (Score:2, Interesting)
http://www.commondreams.org/headlines03/0828-08.htm
from this link: The head of a company vying to sell voting machines in Ohio told Republicans in a recent fund-raising letter that he is "committed to helping Ohio deliver its electoral votes to the president next year." The Aug. 14 letter from Walden O'Dell, chief executive of Diebold Inc...
Re:Fraud (Score:2, Interesting)
Politics can be slow. We're just lucky it didn't take three.
Re:Too bad, so sad (Score:3, Interesting)
Yes, overturned Pharamacists being able to deny me a doctors perscription due to "religious beliefs". Being in a strong Religious community, this is very important to me. My wife would appreciate our birth control perscription now without having to drive to an open minded pharmacist.
Have a look at Venzuela.... (Score:2, Interesting)
Re:can we at the very least sue them (Score:5, Interesting)
I guess that means people should keep that in mind when they see a Diebold ATM. Who knows how much it might debit your account when you withdraw funds.
Re:Not ***ADEQUATELY*** explained by incompetence (Score:3, Interesting)
Why is it whenever some apologist trots out Napolean's quote to "prove" that incompetence should always be assumed instead of malice, they always leave off the very important qualifier, "adequately"?
First, I'm not an apologist for anybody, jackass. I'm a cynic. I've just known enough morons to realize that stupidity truly has no bounds. See below.
Can all the gigantic, mind blowing holes in Diebold's software be ADEQUATELY explained by incompetence?
Absolutely. Right now, I'm part of a multi-company team on a government contract. One of the performers (over which I have no control) is creating a disastrously mangled codebase that does nothing but pull data from a database and make it available over a network. This has taken these morons about 8 months, cost a fortune, and currently requires 1.3GB of memory (!) to run. It has no more capability than about 100 lines of C++ code interfacing with MySQL, and requires a stack of about 10 different products that are constantly breaking. Compared to these fuckwits, Diebold is a bunch of geniuses. And this is just a minor example that I'm personally familiar with.
Anybody who says this couldn't possibly happen by accident hasn't worked in government contracting. Trust me, buddy...this is nothing. Go look up SAIC's bungled attempt to provide the FBI with modern software, which was scrapped after $200M because it would have been cheaper to start from scratch than make it work. I could go on for days with colossal disasters in government acquisition.
Not in my opinion. YMMV.
Then you're lucky to have never been party to such a disaster. Because I've personally seen and can cite examples of far worse. It usually involves government. If you ever want to see fuckups that are well beyond what normal people would think are conceivable, get into government contracting. Not to say that all government work is bad (I work for a contractor), but sometimes big contracts go to companies that can't execute them, and there's just not much oversight.
So can this be explained without nefarious conspiracy theories? Yeah. It can. Incompetence is more than sufficient to explain this exact behavior. Which is why proof of the malice is required, because stupidity is so utterly ubiquitous that it effectively forms the cynic's version of Occam's Razor, which is the quotation I originally cited.
Basic Audit trail should track ALL changes (Score:2, Interesting)
And haven't these folks heard of logical deletes instead of actually deleting it? Use a delete flag, folks! I find it amazing that such concepts are strict requirements for simple things like clinical trial systems, and regulated heavily and audited regularly by the FDA, but our voting system has no such regs or audits.
Re:How hard can it be? (Score:1, Interesting)
I like the system we have here in the UK:
1) Go into polling booth and make an X on a piece of paper next to the candidate you want.
2) see your paper with your vote on it drop into a locked and sealed box.
3) unseal/open the boxes and tip out onto a big table in public, in front of the press and candidates (or their officers).
4) Have uninterested, vonunteer members of the public count the votes, overseen by anyone who wants to show up, including the press and candidates, and allow them to see any ambiguous/spoiled ballots and how they were counted.
5) If the difference between 1st and 2nd place is within a defined error margin, allow a recount.
This system is great because the entire thing is done in public and there are very few ways to rig the vote. I know that in the US there are more votes to count, but with something as important as this you should take your time and do it properly; so what if it takes a day to find out who won rather than a few hours?
IMHO electronic voting is just a solution looking for a problem.
As a side note, I just wish we had someone over here worth voting for...