Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
United States Your Rights Online

Touch Screen Voting Industry Circling Wagons 602

bhoman writes "Salon has an interesting article/interview with the author of a forthcoming book, Black Box Voting, by Bev Harris, that looks at electronic voting machines, especially Diebold touchscreens. The story includes incriminating internal memos, cease and desist orders from Diebold, transcripts of an industry teleconference where Harris Miller of the ITAA brags of his lobbying experience, and documentation of a backdoor via an Access MDB with no password. This is for software currently being used in 37 states. "
This discussion has been archived. No new comments can be posted.

Touch Screen Voting Industry Circling Wagons

Comments Filter:
  • How much longer until a major newpaper picks it up?
    • by AllUsernamesAreGone ( 688381 ) on Tuesday September 23, 2003 @08:56AM (#7033370)
      Depends how much they try to overlook it.
    • by aqfoo ( 686118 ) on Tuesday September 23, 2003 @09:02AM (#7033420)
      I' waiting for this to happend, but it seems americans (USA americans, that is) don't give a damm for basic democratic principles. "The vote is secret" but a black box can record the order in which votes were cast, and *anybody* in the room knows the order in which voters came to the booth. "votes must be independently counted" black-box == !record there is no way for the representants of any party to check by hand. I was born in Costa Rica, the original banana-republic, but every costarrican child can explain to you why electronic voting in its present form is an invitation to electoral fraud. Do you trust the goverment of Florida to count the no-longer-exixting-ballots the right way?
      • by Yet Another Smith ( 42377 ) on Tuesday September 23, 2003 @11:44AM (#7034860)
        a black box can record the order in which votes were cast, and *anybody* in the room knows the order in which voters came to the booth.

        Well, in theory it might be possible to do that, but most precincts have many (10+) booths, and you'd have to do some pretty clever record-keeping to keep track of which booth folks go into. AFAIK, its not legal to videotape voting rooms (basically it is considered intimidating, and thus in violation of the Voting Rights Act or some such thing - I remember reading a news story about it in the '96 election), so somebody's gonna have to keep track of which booth every single person votes in.

        There are easier ways to intimidate voters. Indeed, optical scan could hold the same capacity for order-count, since there are multiple booths but only scanner, which will hold the ballots in a stack inside. With only a single scanner per precinct, it would be easier to reconstruct the sequence of voters & votes from that than from the black-box method.

        "votes must be independently counted" black-box == !record there is no way for the representants of any party to check by hand.

        Now the 'no-record' problem is a stickier wicket. Here's my theoretical solution, that also resolves some of the 'butterfly ballot' issues that were problems in the Florida vote. Basically, after the voter has completed the vote process, the machine would print a copy of their ballot. The voter is then asked to check it for any errors. If they think its OK, they run it through a slot that goes to a bin that stores the hard-copy record of all the votes, and triggers the vote to be counted by the machine. If they made a mistake, then they run the hard-copy through a different slot that shreds the ballot and re-starts the voting process. This gives a hard-copy record for any re-count, and provides for people to check and make sure they didn't vote for Pat Buchannan when they meant to vote for Ralph Nader.
  • by Anonymous Coward
    Touch Screens are GOOD! The technology is getting an incredibly bad smear thanks to the idiots at Diebold who are using it in ways which are, well, dishonest. I wish somehow the technology could be separated from the fools who use it to further their schemes. Let's hear it for all the good that touchscreens do !
  • Bush in 2004 (Score:2, Informative)

    by Anonymous Coward
    The Fix is in. "How George W. Bush Won the 2004 Election":

    http://www.infernalpress.com/Columns/election.ht ml
  • by 16K Ram Pack ( 690082 ) <tim,almond&gmail,com> on Tuesday September 23, 2003 @08:40AM (#7033233) Homepage
    In a voting system?

    I wouldn't use an Access Database as a way of securing my list of CDs, let alone my democracy.

    Then again, does Dubya have any more brothers who are governors?

    • You don't have to be an expert in computer technology to be successful in computers. You have to have schmooze and politicians in your pocket. Hell, just count the number of potholes on roads paved just last year and ask me if experts in road construction were used.

      Or scarier still, look at the drivel our kids are learning in school and ask me if educational experts are designing our kids' textbooks.

  • Trouble Brewing (Score:2, Interesting)

    by aynrandfan ( 687181 )
    This might be just me, but the apparent insecurity of these voting machines almost ensures courtroom nonsense and bickering. I could be wrong, and I hope so.
  • the only solution... (Score:5, Interesting)

    by Lumpy ( 12016 ) on Tuesday September 23, 2003 @08:40AM (#7033240) Homepage
    It to open the source for these "voting machines" so they can continually undergo a public review.

    Hell the hardware needs to be open for review also. It's not like there is any secret designs in there (Unless you are trying to hide something illegal)

    All it takes is a tiny bit of off the shelf hardware components, a refrence design and the software to make it work easily... anyone could make an electronic voting system.

    until it's all open for review by today's IS and IT experts I will not trust it or the companies making them. This isn't some silly toaster or PVR... this is the basis of the United States... voting..
    • by JaredOfEuropa ( 526365 ) on Tuesday September 23, 2003 @09:43AM (#7033875) Journal
      It to open the source for these "voting machines" so they can continually undergo a public review.
      There are two things you need to secure against tampering: the voting and tallying process, and the resulting data. Open source inspection, while certainly useful to verify the priciples of operation of the voting machines, is not sufficient to prevent tampering with either the tallying process or the resulting data.

      You will want to ensure that the machine accurately registers and tallies votes. Verifying the source alledgedly used in all the machines is not sufficient: you'd need to inspect the (sufficiently large) CRC of the binaries on each and every of the voting machines. You'll want to verify that they are indeed running the software that you have inspected, not some doctored version.

      Even if all machines produce accurate data, that will do little good if anyone can edit the resulting data file, or if the totals are communicated to a central counting facility through a means which allows easy forgery of the results.

      The problem with any electronic voting system is its intransparency, not of the program source, but of the voting and tallying process. Once the job of vote registration and counting is delegated to a machine, it becomes invisible. It is like handing a box of paper ballots to anyone in the streets and asking him to tally up the votes without any supervision. You'll have no idea of the accuracy of the resulting count, unless you are able to recount yourself... and for that, you need a paper trail.

      I firmly believe that any electronic voting needs to be accompanied by a paper trail, and that the counts must be subject to verification of a recount using this paper trail. An electronic voting machine should either produce a paper ballot which the voter can inspect and post in a lockbox, or it should scan a paper ballot on which the voter has indicated his choice by hand. There arer very good reasons to trust paper ballots over electronic ones that are hidden inside some machine:
      - The voter has tangible assurance that the vote that is deposited is the one that he has cast
      - The counting rersults are verifiable: the counting can take place in a group of people from all stakeholders in the election, who will all watch each other.
      - In case of doubt, a recount can take place using the original ballots counted by a different group of people.
      - Most importantly: paper ballots are incredibly hard to forge in bulk, and it is very hard to introduce a significant amount of them into the counting process.
      • by rossjudson ( 97786 ) on Tuesday September 23, 2003 @10:16AM (#7034189) Homepage
        It strikes me as incredible that the "technical" people writing these emails are engaged in such Mickey Mouse chatter, and so interested in just cranking out something, anything that will work. I just don't see how electronic voting is really all that hard to engage in...as long as you have your priorities straight.

        There are two primary things we want to accomplish with EVotes -- first, we want to make the voting process easier to engage in. Second, we want to make the counting process more efficient (less costly). We would also like to reduce the error rate, to the extent that we are able.

        A touch screen voting interface, big and clear and nice, is exactly what we need to help walk people through the process. We can't, though, rely on the software in these machines. One read through the memos above should convince you as to why -- these people just have no idea what they're doing. Basic? Access databases? Windows? My god.

        What this says to me is that we simply cannot get away from paper. So what we want is a system that makes paper easier to use, leaves a paper trail for auditing and verification purposes, and provides ample opportunity for error checking by the voter and by election officials.

        We use the touch screen to answer questions. At the end of the voting session, the system prints a "vote" and electronically tabulates the results. The voter verifies that his printed vote matches what's on the tabulation screen. The voter then folds his paper vote and deposits it with election officials in a good old fashioned ballot box.

        We can then use the electronic tabulation to check quickly on the results -- this is quite efficient. We will also engage in a substantial amount of verification, by counting the paper votes by hand and verifying this against totals learned electronically. The paper always wins, in this system. We do not necessarily need to count all of the paper votes -- we can use random sampling.

        It seems like a win in both directions, for me. Risks include unacceptable printout quality (printer wear), and insufficient random verification.
        • rossjudson wrote:

          There are two primary things we want to accomplish with EVotes --
          first, we want to make the voting process easier to engage in.
          Second, we want to make the counting process more efficient (less costly).

          All these discussion about costs and speed usually leave out the primary goals of a democratic voting procedure, which should be:

          The ballots are secret so that nobody can be persecuted for his vote.

          The final tally reflects accurately the will of people having voted. For accountability

  • Backdoor (Score:5, Funny)

    by mopslik ( 688435 ) on Tuesday September 23, 2003 @08:41AM (#7033250)

    ...documentation of a backdoor via an Access MDB with no password.

    Well, it is called Access after all.

  • by Snarf ( 109692 ) on Tuesday September 23, 2003 @08:43AM (#7033265)
    Doesn't it make you glad to be in a country were your democratic views are stored in an unprotected Access Database!
  • by miodekk ( 680870 ) on Tuesday September 23, 2003 @08:44AM (#7033278)
    The solution is simple: use open source software.
    Every software in government, which is paid for from citizens taxes, should be open source. So that every citizen (at least the one which is a programmer) could check whether the code is good and fair, especially in elections.

    Of course the code actually used in voting machines should be double checked by government professionals, but everyone should have an access to read the code.

    • "Every software in government, which is paid for from citizens taxes, should be open source."

      Maybe I'm being a little bit picky here, but I'd prefer the best tool for the job (yes, I am a gov't employee).

      If that happens to be open source, so much the better, but I don't want to be forced to fumble around with an inadequate tool, and waste time and taxpayer dollars, just for the sake of using open source software.

      Whether or not some people care to admit it (and there are pleny who still don't), someti

      • by wfberg ( 24378 ) on Tuesday September 23, 2003 @09:00AM (#7033405)
        "Every software in government, which is paid for from citizens taxes, should be open source."

        Maybe I'm being a little bit picky here, but I'd prefer the best tool for the job (yes, I am a gov't employee).


        That's why, when ballots are counted by hand, no one is allowed to look how they are being counted. You see, when the ballots are counted behind closed doors, the result comes back in under a minute, but when people can inspect the counting, and insist upon a "procedure" being drawn up that everyone can rad, manual counting can take an hour!

        Many countries prefer to manually count votes behind closed doors with no published counting procedure. For example, Iraq, China, etc. In fact, in these countries the election results are almost always known even before the elections, that's how efficient it is!
      • by 11223 ( 201561 ) on Tuesday September 23, 2003 @09:08AM (#7033472)
        Not when public accountability is a prime concern. It doesn't matter how much better the closed-source voting systems are. I can't audit them; I can't see what's going on.

        There is a vast difference between using some proprietary math program down at NASA and using a closed-source voting system. One of them results in a spacecraft that doesn't work; the other results in a government that doesn't work. You pick. :-)

      • > I'd prefer the best tool for the job.

        I see some misunderstanding here.
        Using the best tool, even commercial one, does not prevent you from releasing your sources.
        You're only unable to release the tool's sources, but you don't have to.
        There will allways be enough number of independent developers able to check your work.

        Regards

      • I'd prefer the best tool for the job

        In this case, part of the "job" is proving that the voting software doesn't have a back door that enables somebody to fix the vote. That's simply not possible unless disinterested third parties can examine the code.

      • Every software in government, which is paid for from citizens taxes, should be open source.

        Whether or not some people care to admit it (and there are pleny who still don't), sometimes the only/best tool for the job is closed-source commercial software.

        But let's stay on the topic of elections. Perhaps here the best tool is a paper ballot (gasp)? Of course you'll need machines to count the millions of ballots, and that should probably be open-source software (how can you build public trust in the process

      • employee job hours are usually the most costly aspect of planning any project in the government. Hardware pales in comparison (and we get 3k laptops) to 200 employee hours. Software can come close though. ARC View is fricken pricey. There is just no open source equivalent.
      • by El Cubano ( 631386 ) on Tuesday September 23, 2003 @10:50AM (#7034464)

        Maybe I'm being a little bit picky here, but I'd prefer the best tool for the job (yes, I am a gov't employee).

        If that happens to be open source, so much the better, but I don't want to be forced to fumble around with an inadequate tool, and waste time and taxpayer dollars, just for the sake of using open source software.

        Whether or not some people care to admit it (and there are pleny who still don't), sometimes the only/best tool for the job is closed-source commercial software.

        I'm sorry, but you are full of it. The amount of money that the federal government spends on software procurement and maintenance is staggering. In many cases, the federal government is the only customer of some firms. Thus, all Uncle Sam has to do is say, "form now on, if you sell to us, its open source." If they company doesn't like it, then tough, they can find others to sell to (the federal government should not be in the business of propping up other businesses).

        In the other case, where the federal government is the only customer, then they stand to lose absolutely nothing by opening the source, unless there is something they are trying to hide.

        As far as the best tool for the job: I would hardly call an end-to-end MS desktop, running MS Office, hooked to MS Servers solution that croaks everytime a new virus comes out and paralyzes entire military installations and federal departments, the best tool for the job. I have seen that exact thing happen so many times that I cannot fathom why we still see things like the recent procurement deal the Army signed for ~$900 million that only included MS OSes.

  • by Tri0de ( 182282 ) <dpreynld@pacbell.net> on Tuesday September 23, 2003 @08:44AM (#7033279) Journal
    I love high tech as much as anyone on Slashdot, but paper ballots make a whole lot more sense: with even a modicum of security you have the originals for recount (recounts being actually pretty straightfoward Florida FUD not withstanding).
    • paper trail (Score:2, Insightful)

      by fred ugly ( 125371 )
      If the machines would actually print out a receipt of sorts, leaving a paper trail for the voter and the election officials, then we would get the best of both worlds. An easy, understandable, and technologically advanced voting system that is open to accurate recounts. But the first count still wouldn't be guaranteed correct.
      • Paper receipts make it easy for a corrupt party to pay for votes.
        • >>> Paper receipts make it easy for a corrupt party to pay for votes.

          lack thereof makes it easy for a corrupt company (diebold) to steal votes. hmm... to have the votes bought, or stolen? it's a tough choice. however, it seems like it would be easier to affect the election on a much larger scale without a paper trail.
        • by hey! ( 33014 ) on Tuesday September 23, 2003 @09:18AM (#7033584) Homepage Journal
          Not necessarily. The idea would not be for the voter to take the receipt with him, but to put it into a locked "ballot box" where it would provide an independent audit trail. Machines would be randomly audited after each election to ensure that fraud did not take place.

          I would say that the system could be made even better this way: separate out the voting and tallying machines, using the paper as a medium of transfer.

          It would work like this:

          (1) Voter makes choices on the voting machine.
          (2) Voting machine prints out paper ballot with text and barcode representation of the votes.
          (3) Voter confirms that text matches his wishes; if so he places the vote in the tallying machine which scans the bar code, puts it into a database, prints the database serial number on the ballot and deposits it into a locked box. If the ballot is unreadable,the machine spits the ballot back out and the voter can try a different machine. If for some reason the tallying machine will not accept a voter's ballot, the ballot is placed in a separte locked box for manual tallying.
          (4) After the election, database records are randomly audited to compare with paper ballots; paper ballots are likewise randomly audited to ensure that the bar codes correctly. The locked "ballot boxes" should have a mechanical counter which indicates the number of times they are opened; a proper log should be kept every time of every time the ballot box was opened and why.

          Such a system would have the auditability of a paper system, with an electronic system's rapid and accurate tallying and ability to handle complex balots.
    • by Soko ( 17987 ) on Tuesday September 23, 2003 @09:05AM (#7033452) Homepage
      Interesting idea.

      Perhaps the voting machine's purpose should be 2 fold - to do an electronic tally at the time of vote selection as well as print out a hard copy ballot recording the person's vote. Basically, the computer becomes a electronic front end to the usual system of voting with pen and paper, just replacing the pen, not the paper. This copy should be human readable so the voter can chack that the machine did indeed register his desired choices, as well as machine scannable to facilitate electronic re-counts. Heck, human readable means manual re-counts are available too. Technology has progressed far enough to do this reliably, hasn't it?

      Nothing like a hard copy audit trail...

      Soko
    • by EvilTwinSkippy ( 112490 ) <yoda@NoSpam.etoyoc.com> on Tuesday September 23, 2003 @09:19AM (#7033595) Homepage Journal
      Nuclear power plants dump a line on a printer for every event that happens. At the steel mill I worked at, the massive forge shat telemitry out to a WORM drive. The running joke in the air force is that that a plan can't fly until the paperwork exceeds that weight of the aircraft. Law firms dump email into giant logs for litigation.

      And yet "industry" doesn't seem to grock record keeping. Methinks' not. They just don't like keeping records about what they don't think is important.

  • by Jaeph ( 710098 ) on Tuesday September 23, 2003 @08:44AM (#7033281)
    You can have fraud using any medium, but when you throw computers into the mix it's a heck of a lot easier to have fraud on a grand scale.

    -Jeff
  • So many databases (Score:4, Interesting)

    by cubicledrone ( 681598 ) on Tuesday September 23, 2003 @08:45AM (#7033282)
    What is the fascination with Access? Why does every company seem to use Access for important data when there are so many other databases that are not only higher quality, but less expensive at the same time?

    There is nothing funnier than companies that try to use Access as the database for 150,000-pageview-a-day websites. Middle management at its most entertaining.
  • More info is avaliable at
    http://seattletimes.nwsource.com/html/localnew s/20 01574367_votefraud21m.html
  • Fingerprints ? (Score:4, Insightful)

    by kaamos ( 647337 ) on Tuesday September 23, 2003 @08:48AM (#7033305)
    Ok, I admit it, I really thought of fingerprints when I say touchscreen voting. Would anyone care to tell me what kind of screens are used for these touchscreens ? Would anyone with a little will be able to capture your fingerprint on the screen ? I mean, someone comes in, votes, wipes the screen real clean, you come in and vote, next guy comes in and uses that powder the police uses on the screen ? I see no real use for this informations, but still, privacy is privacy ...
    • digital fingerprint (Score:2, Interesting)

      by fred ugly ( 125371 )
      The screen itself could probably somehow capture an image of your fingerprint, without the intervention of a second person with a dusting kit... but they don't really need it because they already have a "fingerprint" of you on the smart card you pick up when you walk in and show your photo id. no votes are anonymous with these machines.
  • by Spetiam ( 671180 ) on Tuesday September 23, 2003 @08:50AM (#7033319) Journal
    and these touchscreens can have marquee screensavers saying, "This whole thing is wildly inaccurate. Rounding errors, ballot stuffers, dynamic IPs, firewalls. If you're using these numbers to do anything important, you're insane."
  • Does anyone have an open source voting system project going?

  • And don't forget the REAL problem that plagues touch screen voting...

    Fat fingers.

    What if the fewest number of candidates you can vote for is three at a time?
  • by asmithmd1 ( 239950 ) * on Tuesday September 23, 2003 @08:55AM (#7033358) Homepage Journal
    If the touch screen prints out a ticket that confirms your vote and you put half of the ticket into a locked box all the votes are completely auditable. The ticket could even have a long random number on it that you could use to confirm your vote was counted correctly. If there is a re-count they put all the neatly printed, voter confirmed ticket stubs through an optical reader. No pre-preinted ballots are needed, just a roll of ballot stock. Something is fishy here, must business want to supply a materials to a customer on an ongoing basis. Here they are fighting the customer telling them you don't want to mess with paper.
    • by Baron_Yam ( 643147 ) on Tuesday September 23, 2003 @09:12AM (#7033522)

      You can't have voting receipts... because that would make it too easy to corrupt the voting process.

      Imagine a candidate with 'connections', who insists that you provide him with the opportunity to view your receipt the day after the vote - and if you don't show him a receipt with his name on it, his 'connections' hurt you, your family, or your property.

      • by roystgnr ( 4015 ) <roy@stogn[ ].org ['ers' in gap]> on Tuesday September 23, 2003 @10:37AM (#7034373) Homepage
        Tell two of your friends about vreceipt [vreceipt.com], and have them tell two of their friends, etc. We need to have everybody asking their congressmen not only "Why are we implementing easily tampered with voting systems?", but "Why are we implementing them instead of mathematically verifiable alternatives?"

        There's a lot to the white paper at that link, but here's the part that makes voting receipts possible: The receipts are given out and are identical to an entry in the published "first stage" election results, so you can verify that your vote was counted. The receipts have been repeatedly encrypted with different election officials' public keys, so nobody who wants to buy/blackmail your vote can tell who you voted for (but you can, by examining the original "2-ply" receipt which you pull apart before leaving the booth). Election officials scramble the order in which results are published after each decryption stage, so nobody can trace your vote from first stage to final cleartext results, but half of the published decryptions are randomly checked so any corruption on the part of the election officials will be caught. You still need to have poll watchers to make sure that a polling site doesn't report more votes than there were voters (since the vreceipt process protects against lost or altered votes, but not illegitimately added votes), but that's much easier than attempting to make sure that even an open source voting machine is doing it's job right.
  • Flame Away... (Score:3, Insightful)

    by blackmonday ( 607916 ) * on Tuesday September 23, 2003 @08:56AM (#7033366) Homepage
    How about a program that not only places the votes in a secure database, but also creates a PDF (an open format) and stores it on the local disks (RAID). Include all details of the vote, such as voter ID, etc. All the same stuff we keep on paper today.

    After voting is complete, another program could open the PDFs and parse them out (is this possible?) and compare the results with the database. I don't know what to do in case of a discrepancy, haven't thought that through.

    Oh, and whatever happens, no Windows allowed.

  • I dare to doubt the average US citizen would notice the difference if CowboyNeal would get elected president... (Finally. I thought that poll option would never come in handy!)

    Oh well, back to the drawing board I guess :D

  • no system checks? (Score:5, Insightful)

    by vsync64 ( 155958 ) <vsync@quadium.net> on Tuesday September 23, 2003 @09:01AM (#7033415) Homepage
    What really got me was the bit where one of their "engineers" was explaining how the "system test" is merely the normal POST. I'm currently in the process of writing a very simple inventory / cash flow management system for my employer, and I started building strict integrity checks and reports into it as one of my first steps. Meanwhile, the people making our voting machines can't be bothered?
  • by ferratus ( 244145 ) * on Tuesday September 23, 2003 @09:01AM (#7033416) Homepage
    ... for anything important such as voting. I'm a programmer, I do that for a living I've *never* seen a software project that didn't include quick hacks, known vulnerabilities by the dev team, ,a lazy programmer and a PHB.

    The fact the matter is, EVERY software project has stuff like that.

    I wouldn't trust a software (much less a closed source software) written by anyone (including NASA, govs, whatever) to do anything like this. And personally, I can't believe anyone who has worked in the industry would.

    And that is, regardless of the project management techniques, reviews, whatever.
    • by Sycraft-fu ( 314770 ) on Tuesday September 23, 2003 @09:51AM (#7033943)
      No, there are projects that aren't like that. Critical systems are engineered to a higher standard. Thats why they take so long, cost so much, and are infrequently updated. You can do a fully verified design where you control all teh hardware, all the I/O paths, etc. You make sure everything woks together as expected, check all I/O, test and retest and so on. You see this sort of thing in life saving devices like in hospitals, important communication devices like satalites, and for large cirticial finincial systems and so on.

      However you can't do this on normal comodity systems. You have to control everything about the design, including all hardware and software to make sure no un expected interations occur. You have to test to the extreme, which means a slow dev cycle, and because of all the time and money and control, you can't release new versions often.

      So an electronic voting system could be designed to that level of relibility. I mean think about the electronic banking systems. You just can't fuck up when billions of dollars are at stake. However there is a difference, with banking there is plenty to keep people honest. There are multiple banks, and they are overseen by governments. Any backdoors would hurt only the bank who implemented them. With a voting system, this isn't the case. There would be an intrest for the developers to be able to get in and manipulate the system, even (or perhaps espically) if the developer was the government for which it would vote.
  • by non ( 130182 ) on Tuesday September 23, 2003 @09:03AM (#7033431) Homepage Journal
    these people [scoop.co.nz] think so.
  • by glenrm ( 640773 ) on Tuesday September 23, 2003 @09:05AM (#7033443) Homepage Journal
    I live in Seminole County Florida and we used optically scanned paper ballots, like those answer sheets in school that required a number 2 pencil (of course for voting pens are used). They are easy to use with the names on the ballot right next to the box you fill in. The results are read instantly when inserted in the box that holds the ballots, when a recount was ordered they just ran all of the ballots through again and had the results ready in a few hours. We have had this system for years (at least 10) and have had no problems, it is an easy answer to all of the issues that we are seeing with low-tech and high-tech voting machines. It provides a physical record and does not produce hanging chads.
    • Seminole County is in the Diebold internal memos, though Volusia County memos are much worse than Seminole. Just because you saw no problems does not mean there were none. The problem discussed in Salon.com affects your fill-in-the-dot ballots and touch screens equally.

      The problem is, no one looks at the paper ballots, even in a recount -- they just run them through the machines again.

      In the Diebold memos is a fascinating bit about Volusia County. Diebold machines apparently gave Al Gore MINUS 16,022 vo

  • by StressGuy ( 472374 ) on Tuesday September 23, 2003 @09:09AM (#7033491)
    throwing technology and computerization at the problem will necessarily make the system more secure. Not that these aren't good things, but my experience has been that, from a security standpoint, adding complexity can often increase opportunities to compromise a system.

    I'm not saying that a state-of-the-art computerized, hi-tech voting booth can't be rock-solid secure. However, I do see the potential for companies to sell hi-tech voting machine soley on the *impression* that the added technology automatically makes them more secure.

    I think the focus should be solely on the standard of security. Whatever system can meet that; be it punch card, touch screen, whatever, is the system we use. Sadly, I suspect such a standard will put internet voting a long way off.

  • by Badgerman ( 19207 ) on Tuesday September 23, 2003 @09:10AM (#7033501)
    I'm glad for this article and for people raising red flags on electronic voting.

    The truly sad part is that, from what I can tell, even if there's nothing suspicious in the realm of vote-fixing, we're still dealing with terrible software design and security.

    And, sadly, that terrible design and security is all too common.

    I'm hoping articles like this turns peoples eyes towards the fact that we've got lots of terribly made computer systems, applications, databases, websites, and so on doing very vital roles. In my IT career I've seen hospitals brought to a crawl by lousy patient software, websites with databases so bad that they had to be shut down for maintenance reguarly, simple applications delayed for months by bad planning and inappropriate technology, and far more.

    So, sadly, in the area of voting, it's business as usual. But business as usual is pretty bad for the usual business as is . . .

  • by gdesignrr ( 710134 ) on Tuesday September 23, 2003 @09:10AM (#7033504)
    The EFF is organizing a petition to encourage IEEE to set trustworthy standards for electronic voting. Read about it and join the petition here:

    http://www.eff.org/Activism/E-voting/IEEE/ [eff.org]

    "EFF supports the IEEE in taking on the issue of setting standards for electronic voting machines. We also support the idea of modernizing our election processes using digital technology, as long as we maintain, or better yet, increase the trustworthiness of the election processes along the way. But this standard does not do this, and it must be reworked."
  • by swillden ( 191260 ) * <shawn-ds@willden.org> on Tuesday September 23, 2003 @09:13AM (#7033526) Journal

    Predictably, a bunch of /. responses focus on the fact that the source isn't available for public review as the primary problem, but that's irrelevant, and Bev Harris explained the correct solution quite clearly in the article.

    Open source wouldn't be a bad thing, mind you, but why bother auditing the code? What you really want is to audit the *results*, and the easiest, best solution to that is also the simplest: Have the touch screen machines print paper ballots with a nice list of races and selected candidates. Then the voter can verify that they actually voted the way they wanted to, and the paper ballots can be counted and compared with the computerized tallies by anyone who wants to question the system.

    As Harris points out, the fact that the manufacturers sem so dead-set on avoiding paper printing seems almost sinister... the solution is so obvious, and so simple that it makes you wonder what their true motivations are. They make a lot of noise about printers being too error-prone and difficult to operate, but that's just silly. Take a look at the thermal printers used by retail systems -- they work day in and day out for years with no more maintenance than replacing rolls of paper. Designing a workable printer for a voting booth wouldn't be trivial, but neither would it be an impossibility. The requirements are very simple: Be able to run for an entire day without jamming or running out of consumables, and print paper ballots that are easy to read and remain clear and legible for at least three years.

    There are various minor improvements that can be made to this idea, such as a machine-readable section of the ballot to make automated verification easier, etc., but at bottom paper achieves a level of transparency and reliability that no purely automated system can ever achieve, no matter how many geeks have pored over the code.

  • by Space Coyote ( 413320 ) on Tuesday September 23, 2003 @09:17AM (#7033570) Homepage
    Instead of storing the vote electronically, have the voting machine print off your ballot once you've voted, which you would then place into the ballot box. Increased accessibility and usability, no spoiled / ambiguous ballots, and no chance for loyal party members to control the electronic voting.
  • by StormyMonday ( 163372 ) on Tuesday September 23, 2003 @09:20AM (#7033605) Homepage

    Not the whole answer, at least.

    We need to check, not only that the software has no obvious backdoors, but that

    • The source code that is used corresponds to the source code that is audited (no "last minute fixes")
    • The object code that is linked corresponds to the source code
    • The executable that is in the machine is the same as the code that has been autited
    • The compiler hasn't been screwed with
    • The system libraries haven't been screwed with
    • The OS hasn't been screwed with
    • The BIOS hasn't been screwed with
    • The hardware hasn't been screwed with
    • There isn't any extra info hidden in any nonvolatile memory

    I'm not that paranoid; there are probably any number of other things that could be screwed with and still have the code pass any kind of review with flying colors.

    Paper ballots are the only answer.

  • by kmahan ( 80459 ) on Tuesday September 23, 2003 @09:28AM (#7033711)
    Obviously these people are masters at gathering and implementing requirements from the various governmental entities that would use this.

    Requirements:
    1: Allow government to edit results
    2: Make sure logs can be altered
    3: Provide false sense of security
  • by Polymath Crowbane ( 675799 ) on Tuesday September 23, 2003 @09:30AM (#7033740)
    I can't believe the Diebold folks actually said this:

    Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

    There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.

    I seem to recall that, back in the Dark Ages of the 70s, RACF was able to handle this kind of access control quite nicely. To say a log file can't be protected from the sysadm is either dishonest or incompetent. Either reason should be enough to disqualify a company employing someone like that in that position from anything requiring the public trust.

    • "There might be some clever crypto techniques to make it even harder to change the log"

      Single use passwords are one way to do this, and you can use them under *nix at the moment.

      Diebold appear to be trying to avoid difficult questions from anyone that is even partially technically competent.

      The thing that worries me is why the hell are people even considering electronic voting? What's wrong with OCR'ing the big cross from the ballot card in a controlled environment?

  • by Fantastic Lad ( 198284 ) on Tuesday September 23, 2003 @09:54AM (#7033971)
    --As to just how sleepy America currently is.

    I mean, Bush himself recently declared that there were no WMD's in Iraq, but it only made news deep within the covers of the various big journals which even bothered carrying the little item.

    But this one, voting corruption in the world flagship of 'Democracy', is going to be the real indicator.

    I mean, it seems this voting machine problem is in fact well known and understood by millions. People have time to raise a proper stink and prepare. I very much look forward to seeing if America will DO something about it or if they'll just grunt and roll over to a new sleeping position.

    Unfortunately, it doesn't really matter very much in a political sense. At this point, it doesn't matter who gets into office. They're all a bunch of dangerous bastards who can be expected to play ball to the New World Order agenda. Those who can actually make a difference have a strange tendency to die tragically in King Air A-100 plane crashes.

    I had no idea that Arnie was royalty! He's married to a Kennedy, his mom is married into high-level Austrian politics, and his pappy was in the SS. The boy terminator declared himself the loyal friend of a convicted Nazi war criminal, no less. --Oh yes, and the all-white, all-male, all-billionaire Bohemian Club which has a habit of determining who gets to be the president of the United States, (among other things), has agreed to make Arnie a king of some standing, possibly THE king. Sheesh. Thank goodness California put the brakes on when they did!

    My only hope is that if America does manage to wake up enough to fix this voting machine horseshit, that it'll take the next step and realize that the current administration, and all current potential administrations, are corrupt to the core, put ALL of them in jail, and start fresh. I mean, sure, they'll have no functioning government for the next year, and people will panic, and the dollar will vaporize, and the really evil bastards will all hide out until everything blows over, but. . .

    Who am I kidding?

    More likely? This voting machine problem will be looked and:


    1. People ignore it, and what difference does it make after that?

    2. People 'fix' the problem and then wait patiently to see which monster gets properly elected to continue the destruction of the universe.


    Americans don't have the awareness or the spine for a real revolution.


    -FL

  • mechanical voting! (Score:5, Insightful)

    by goon america ( 536413 ) on Tuesday September 23, 2003 @10:08AM (#7034097) Homepage Journal
    I don't know how you guys do it, but in my district we use these large mechanical voting machines. There is a wide board of switchs, you flip the switches for the candidates you want and then pull a big lever that resets all the switches to a neutral position and records your vote.

    I don't have a verifiable paper trail, but I've never worried about something "hacking" a big box of gears, "bugs" in the gears, the big box of gears going on the fritz, or the gears being made to somehow fit some nefarious purpose. You can't "patch" the gears remotely.

    I see no ways that this system is inferior to a touch screen system. THEY SHOULD USE WHATEVER VOTING SYSTEM WORKS THE BEST, NOT THE ONE THAT'S THE MOST "ADVANCED" AND EXPENSIVE.

    Thank you.

  • by sanermind ( 512885 ) on Tuesday September 23, 2003 @10:11AM (#7034126)
    An excellent article [tmtmetropolis.ru]
    ...from the moscow times. Oh the irony.
    Also, has an extensive bibliography of other links at the bottom.
  • by Agent Green ( 231202 ) * on Tuesday September 23, 2003 @10:37AM (#7034368)
    When I lived in Massachusetts, for the last couple of election cycles, the ballots were printed out on a flat white sheet of paper. We used a thing called a BLACK MARKER to complete a line for the candidate we were voting for. This neat piece of paper was fed into a nifty machine.

    So, the actual paper ballot was retained if a recount was necessary...and the electronic part was just scanning the marks I made on the ballot. Granted, write-in candidates needed to be verfied manually.

    That's all that needs to be done for ANY electronic voting system. None of this touchscreen bullshit, source code fiasco, or questions of verification. The miracles of OCR are something not to be overlooked!!
  • by BevHarris ( 700957 ) on Tuesday September 23, 2003 @11:23AM (#7034722)
    There is a sort of whack-a-mole activity going on with Diebold; so far it has filed six cease & desist orders but the entire stash of 15,000 memos keeps popping up. For the latest link, visit www.blackboxvoting.org [blackboxvoting.org] and judge for yourself. Thought you'd be interested in this exchange:

    Sent: Wednesday, January 17, 2001 8:07 AM

    "Hi Nel, Sophie & Guy (you to John), I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here "looking dumb".

    "I would appreciate an explanation on why the memory cards start giving check sum messages. We had this happen in several precincts and one of these precincts managed to get her memory card out of election mode and then back in it, continued to read ballots, not realizing that the 300+ ballots she had read earlier were no longer stored in her memory card . Needless to say when we did our hand count this was discovered.

    "Any explantations you all can give me will be greatly appreciated.
    Thanks bunches,
    Lana
    "

    followup:

    Date: Thu, 18 Jan 2001 15:44:50 -0500

    "There are two separate issues/problems that are getting combined in this stream.

    "- a check sum error occurred which the poll worker reset and continued counting the card "did not" require downloading before be reset. She never reran the previously counted ballots and this resulted in some negative PR post election. So that is Lana's primary question, how did this happen? Ken explanation sounds like a good one and will not require a line for VTS if we can ever get to GEMS.

    "- the negative numbers on media display occurred when Lana attempted to reupload a card or duplicate card. Sophia and Tab may be able to shed some light here, keeping in mind that the boogie man may me reading our mail. Do we know how this could occur? "

    NOTES
    Sophia was the Diebold tech involved with the San Luis Obispo vote tally that appeared on the Internet five hours before poll closing.

    Sophia is also the King County tech rep -- note the Ken Clark alter the audit log memo, talking about doing "end runs" around the voting system -- "King County is famous for it"

    followup: possibility of "unauthorised source

    Date: Thu, 18 Jan 2001 13:31:04 -0800

    "John,

    "Here is all the information I have about the 'negative' counts.

    "Only the presidential totals were incorrect. All the other races the sum of the votes + under votes + blank votes = sum of ballots cast. The problem precinct had two memcory [sic] cards uploaded. The second one is the one I believe caused the problem. They were uploaded on the same port approx. 1 hour apart. As far as I know there should only have been one memory card uploaded. I asked you to check this out when the problem first occured but have not heard back as to whether this is true.

    "When the precinct was cleared and re-uploaded (only one memory card as far as I know) everything was fine.

    "Given that we transfer data in ascii form not binary and given the way the data was 'invalid' the error could not have occured during transmission. Therefore the error could only occur in one of four ways:

    "Corrupt memory card. This is the most likely explaination for the problem but since I know nothing about the 'second' memory card I have no ability to confirm the probability of this.

    "Invalid read from good memory card. This is unlikely since the candidates results for the race are not all read at the same time and the corruption was limited to a single race. There is a possiblilty that a section of the memory card was bad but since I do not know anything more about the 'second' memory card I cannot validate this.

    "Corruption of memory, whether on the host or Accu-Vote

  • by rsheridan6 ( 600425 ) on Tuesday September 23, 2003 @11:42AM (#7034847)
    lifted from a blog [blogspot.com]:


    A remarkable exchange concerning Diebold's voting machines in Volusia County, Florida. On January 17, 2001, Lana Hines, a county elections official sends out an inquiry as to how Al Gore ended up with a vote-count of -16,022. That's NEGATIVE 16,022--which just happens also to have been the total number of votes cast for various independent and third-party candidates who also ran. (It was the largest number of such votes cast in Volusia County's history.)

    Pay close attention to the final entry, from "Tab"--that is, Talbot Iredale, Vice President of Research & Development at Global/Diebold. The most troubling of his statement is in bold below. Iredale writes: ...the error could only occur in one of four ways:

    1.Corrupt memory card. This is the most likely explaination for the
    problem but since I know nothing about the 'second' memory card I have
    no ability to confirm the probability of this.

    2.Invalid read from good memory card. This is unlikely since the
    candidates['] results for the race are not all read at the same time and
    the corruption was limited to a single race.There is a possib[ili]ty that
    a section of the memory card was bad but since I do not know anything
    more about the 'second' memory card I cannot validate this.

    3.Corruption of memory, whether on the host or Accu-Vote. Again this is
    unlikely due to the localization of the problem to a single race.

    4.Invalid memory card (i.e. one that should not have been
    uploaded). There is always the possib[i]lity that the 'second memory card'
    or 'second upload' came from an un-authorised source.

    And that's only the tip of the iceberg.

    When will this all-important story break out in the US mainstream press?


    And Diebold has been sending cease-and-desist letters out to people who have covered this. This particular mistake looks like a screw-up rather than fraud, but either way I want no part of it.
  • by ewhac ( 5844 ) on Tuesday September 23, 2003 @01:31PM (#7035841) Homepage Journal

    I want the names of all the Diebold technical personnel involved with these machines so I can add them to our hiring blacklist.

    Perhaps I've been living in an idyllic career vacuum, where everyone is competent and of good character -- and perhaps that's why I'm completely, jaw-droppingly astonished beyond words after reading Scoop's copy of the internal Diebold memos. With the possible exception of $(MUMBLE_SALTPILE_MUMBLE), I've never witnessed such opaque incompetence. These "engineers" not only don't know what they're doing, they clearly don't want to know what they're doing.

    That whole "explanation" as to why a password on the database would be "pointless", since GEMS needs a password to add vote records... <*shaking head*> It's crystal-fscking-clear that they want an anonymous database user/account (the voter) that can only append records (votes) to the database; it must not be allowed to read or modify records. Read-only accounts are given to the vote counters and, if you really need to, a single strongly-passworded read-write account is given to the election commissioner. Once you establish these requirements, you then look for software that will do this for you. If MSAccess won't do it, junk it and move on. If no existing databases will do it, then My God, you're going to have to do some actual engineering! .

    These idiots are trying to fudge the requirements because, apparently, they don't want to have to use any software they can't scoop up at Fry's (and, apparently, writing their own software is an anathema). I mean, yeah, their incompetence has placed the integrity of the Republic at risk, yadda yadda yadda, but am I the only person who sees their behavior as a kind of disinterested laziness? I can sort of understand people who are disinterested in the act of voting because the hiring roster has been stacked. But I mean, for God's sake, what kind of self-respecting person -- never mind software engineer -- would demonstrate such a profound lack of interest and respect in designing a fundamental instrument of democratic principles? If it were me, I'd be lying awake at night, worrying that I wasn't dilligent enough, wasn't smart enough to take on work of such profound importance. It would probably eat me alive, because any screw-up could be disasterous, because doing an excellent job would be so absolutely critical . But no, these guys are just phoning it in, tossing aside crucial security concerns with utterly stupid aphorisms such as, "Passwords actually don't matter much..."

    Blacklist them. The software screwup you avoid may be your own.

    Schwab

  • by BevHarris ( 700957 ) on Wednesday September 24, 2003 @01:55AM (#7041325)
    Diebold objected to publishing a link to a foreign web site which in turn published links to the Diebold memos, and our ISP caved. More on this here [blackboxvoting.com], and you'll find the letter from the Diebold attorney [thoughtcrimes.org] here -- and for a small hoot, please notice that the letter, which is not copyrighted, includes the link (three times) which they object to, and therefore republishing the letter telling people not to publish the link actually serves to publish the link.

    Here is what I have been doing all day:

    Reporter: Why is Diebold sending cease and desists?
    Me: Because they don't want anyone to see their memos
    Reporter: Oh. What is in the memos?
    Me: Oh, things about security flaws and using uncertified software and using cell phones to intercept and transfer votes and discussions of how to fake things...
    Reporter: Wow. Where can I download these?
    Me: At this web site [211.117.160.48]
    Reporter: Okay I'm going there now, okay, it's downloading, when I'm done will you give me a guided tour?
    Me: Sure. And here is a neat little web page [globalfreepress.com] where you just enter any search term and it instantly searches and find you the Diebold memos that match
    Reporter: What search terms should I start with?
    Me: Try "boogie man" and also "hack" "cel phone" "broken" "fake" and one of my personal favorites, "What good are rules"
    Reporter: I'll try that "what good are rules" one. Found it. Gosh, what is he doing? Is that legal?
    Me: No.

    And so it goes. Excellent plan, Diebold. Yes, shut down a web site, that'll help.

    Besides reporters, the memos were downloaded today by the U.S. House of Representatives.

He who steps on others to reach the top has good balance.

Working...