Touch Screen Voting Industry Circling Wagons

bhoman writes "Salon has an interesting article/interview with the author of a forthcoming book, Black Box Voting, by Bev Harris, that looks at electronic voting machines, especially Diebold touchscreens. The story includes incriminating internal memos, cease and desist orders from Diebold, transcripts of an industry teleconference where Harris Miller of the ITAA brags of his lobbying experience, and documentation of a backdoor via an Access MDB with no password. This is for software currently being used in 37 states. "

An even realer link

An open invitation to election fraud [salon.com]

The U.S. government seems to me to be becoming more and more corrupt. As David Letterman recently said, "When you make out your check for the Iraq war, there are two Ls in Halliburton."

Money seems to be everything, the health of the country nothing. McCain is right, we need campaign finance reform.

Re:The story becomes more mainstream...

Depends how much they try to overlook it.

Re:The story becomes more mainstream...

I' waiting for this to happend, but it seems americans (USA americans, that is) don't give a damm for basic democratic principles. "The vote is secret" but a black box can record the order in which votes were cast, and *anybody* in the room knows the order in which voters came to the booth. "votes must be independently counted" black-box == !record there is no way for the representants of any party to check by hand. I was born in Costa Rica, the original banana-republic, but every costarrican child can explain to you why electronic voting in its present form is an invitation to electoral fraud. Do you trust the goverment of Florida to count the no-longer-exixting-ballots the right way?

It's a basic principle, all right

No, that's not a basic democratic principle. That's a current principle used to encourage everyone to vote without fear of reprisal, but it's hardly a fundamental aspect of the system.

There are at least two reasons why you want secret balloting, one of them rather subtle. The obvious one is to prevent voter intimidation; the other is to keep people from being able to bring evidence that they voted for a particular candidate outside the confines of the voting booth.

Otherwise, I can park across the street with a sign reading, "$1 Paid For Each Vote for Candidate X" and buy votes from people coming out of the polling place with proof of their vote. Some of the machines being discussed would enable corrupt voters to do exactly that.

You really don't want to have any way to associate individual voters with their votes during or after an election. I'm sure there are tons of potential exploits beyond the few that I've heard of or thought of myself. Dropping the voter-secrecy requirement would be a major step in the ongoing banana-republicization of America.

Re:It's a basic principle, all right

Could you explain why, exactly, this is a problem? If someone chooses to sell their vote, why shouldn't they be allowed to do so? This is a serious question.

Because it undermines the whole notion of voting for a candidate because of the things they promise to do once in power. Bad election practices such as these were common in parts of England until the nineteenth century. "Rotten boroughs" with small numbers of eligible voters could be used to ensure a candidate got into parliament. Even after the widening of the franchise a mixture of bribery and coercion was common, with small farmers and manual labourers expected to vote how their bosses saw fit.

Chris

Re:It's a basic principle, all right

The major flaw in a secret ballot, however, is that the only person who knows for sure how he voted can't verify his vote was counted correctly. The people who can verify the vote don't know what the vote is. There's no check. Even in a simple summation, You can't verify the output without knowing all the inputs.

Take a simple model of a non-secret ballot where everybody's vote is published in a newspaper the day after the vote. John Q. Public can check the paper, verify his vote was recorded correctly, and verify that all the votes add up to the reported total. There's no opportunity for fraud except for the case of vote buying but then the voter is a willing participant, and, in fact, can be done in the existing system through absentee ballots.

What's needed is a method where the voter can verify his vote and the reported totals without sacrificing his anonymity. Then it doesn't matter if the vote is cast on paper, electronically, or by smoke signals. It then becomes an argument over which system is more efficient (less mistakes, faster results, etc.) rather than which system is more open to fraud.

Re:It's a basic principle, all right

What's needed is a method where the voter can verify his vote and the reported totals without sacrificing his anonymity.

Dead simple. Take a SHA1 hash of the voter's name and address, a secret string Joe entered at the polling place and the candidates he voted for. Publish the list of hashes in the paper. Joe Voter calculates the hash himself and looks for it in the list. If it's not there, someone is playng games. You need the secret string because Joe's name and address are public knowledge.

Re:The story becomes more mainstream...

Interesting that you quite correctly acknowlege the fact that every election result has a margin of error, but then fail to apply that fact to the 2001 result in Florida. I believe all the counts in that election were within a 2.6% margin.

The problem with the Florida 2001 election isn't that it got the results wrong. It is that we were forced to accept a statistically suspect outcome because of a lack of procedures for dealing with an extremely close count. Plus, whatever procedures might have been in place appear to have been hijacked by partisan entities. Whether you're Republican or Democrat, this is not a good thing for democracy.

Re:The story becomes more mainstream...

a black box can record the order in which votes were cast, and *anybody* in the room knows the order in which voters came to the booth.

Well, in theory it might be possible to do that, but most precincts have many (10+) booths, and you'd have to do some pretty clever record-keeping to keep track of which booth folks go into. AFAIK, its not legal to videotape voting rooms (basically it is considered intimidating, and thus in violation of the Voting Rights Act or some such thing - I remember reading a news story about it in the '96 election), so somebody's gonna have to keep track of which booth every single person votes in.

There are easier ways to intimidate voters. Indeed, optical scan could hold the same capacity for order-count, since there are multiple booths but only scanner, which will hold the ballots in a stack inside. With only a single scanner per precinct, it would be easier to reconstruct the sequence of voters & votes from that than from the black-box method.

"votes must be independently counted" black-box == !record there is no way for the representants of any party to check by hand.

Now the 'no-record' problem is a stickier wicket. Here's my theoretical solution, that also resolves some of the 'butterfly ballot' issues that were problems in the Florida vote. Basically, after the voter has completed the vote process, the machine would print a copy of their ballot. The voter is then asked to check it for any errors. If they think its OK, they run it through a slot that goes to a bin that stores the hard-copy record of all the votes, and triggers the vote to be counted by the machine. If they made a mistake, then they run the hard-copy through a different slot that shreds the ballot and re-starts the voting process. This gives a hard-copy record for any re-count, and provides for people to check and make sure they didn't vote for Pat Buchannan when they meant to vote for Ralph Nader.

Wow, Diebold can

Quote from the article: While seeking information last January about a voting-machine company for a book she was writing, she found a Web site "on about the 15th page of Google." The open, unprotected site held some 40,000 files that included user manuals, source code and executable files for voting machines made by Diebold, a corporation based in North Canton, Ohio.

Quotes from the above article:

Quotes from the above article:

No official at Diebold or the Georgia Secretary of State's office has provided any explanation at all about the OTHER program patch files -- the ones contained in a folder called "rob-georgia" on Diebold's unprotected FTP site.

Inside "rob-georgia" were folders with instructions to "Replace what is in the GEMS folder with these" and "Run this program to the C-Program Files Winnt System32 Directory." GEMS is the Diebold voting program software.

Another quote:

- And assume that all 22,000 program patches did exactly what they said they did: Corrected a conflict between Windows CE and Diebold's firmware to prevent screens from freezing up.

Re:Another article by Bev Harris:

Just so you know: I have never "published articles in Conspiracy Planet."

Just as the Salon.com article was picked up here at Slashdot, Conspiracy Planet picks up articles from wherever it wants. It copied an article that was in Scoop Media. The Seattle Times reporter was somewhat misleading, and he was determined to get the word "conspiracy" into the article somehow.

I put him on notice that if he called me a conspiracy theorist, he would have to back that up with facts or I would require the editors to print a correction. Then he said "well, I'll just print what others say about you."

This guy did everything but stand on his head to slant the story, but I blocked most of the efforts. Something he fails to report in his story is that the Microsoft Access hack that is the subject of the Scoop Media article, the Ken Clark memo, and the Salon.com article (and was vetted out right here on Slashdot) -- well, I demonstrated that hack in front of the Seattle Times reporter, the IT guy for the Times, and a Seattle Times photographer, who commented, "Wow. This shows you can rig an election."

The reporter's use of the "Conspiracy Planet" reference was pretty disengenuous, when you realize that he knew damn well my work has also been covered in the Washington Post, AP Wire service, the San Francisco Chronicle, and CNN.

As you can see, I'm getting sick of the "conspiracy" label, since I've broken seven stories in a row on the voting issue and every one of them has checked out and, eventually, been picked up by the mainstream media, albeit haltingly. For a long time I just ignored it, but now, when reporters try to go there, I tell them to back it up or get hit with a correction, and if they don't correct, a libel suit.

Sad that it has to come to this -- printing facts is not the same thing as being a tinfoil hatter. What I do is scrutiny, and my facts check out.

Bev Harris

Access Database?

In a voting system?

I wouldn't use an Access Database as a way of securing my list of CDs, let alone my democracy.

Then again, does Dubya have any more brothers who are governors?

wroooong

Nope. Nobody was "kicked off the list" because of the felon list. In fact, when the USCCR held hearings on the 2000 Florida elections, they couldnt find a single eligible voter that was kept from voting because they were incorrectly identified as a felon (and believe me- the Democrat majority in the commission looked VERY hard).

No, you're wrong. Greg Palast did extensive research [gregpalast.com] into what happened. Don't buy the party line from Fox News, CNN, and others who completely whitewashed what happened in Florida.

Now that Diebold has a lock on voting systems, expect more fraud and even less media acknowledgement of it.

Re:wroooong

Odd. The United States Commission on Civil Rights reports, in a document titled _Voting Rights_in_Florida_2002:_Briefing_Summary
dated August 2002, includes the following:

The agreements, for example, call for county officials to identify and restore the voting rights of people incorrectly removed from voter rolls as a result of errors on the felon lists provided by the state Division of Elections,

If there were no voters purged incorrectly, why is this part of the settlement between the U.S. Government and the counties of Florida?

Why all the reports of African American voters turned away at the polls, as reported by the USCCR?

the only solution...

It to open the source for these "voting machines" so they can continually undergo a public review.

Hell the hardware needs to be open for review also. It's not like there is any secret designs in there (Unless you are trying to hide something illegal)

All it takes is a tiny bit of off the shelf hardware components, a refrence design and the software to make it work easily... anyone could make an electronic voting system.

until it's all open for review by today's IS and IT experts I will not trust it or the companies making them. This isn't some silly toaster or PVR... this is the basis of the United States... voting..

Re:the only solution...

ISO 9001 described manufacturing and processes.

The important thing to remember about ISO9001 is that it's perfectly OK for an ISO9001 shop to fling completed motherboards frisbee style across the warehouse so that it hits the wall and lands in the pile for packaging/shipping as long as that is the written procedure.

It says nothing about quality, it doesn't even assure consistancy (some boards may actually function after the above proicedure, it's random dumb luck). All it really assures is that somebody paid some ISO9001 auditors a hefty chunk of cash.

The real primary goal of ISO9001 is to remove all human thought from the process so that low paid unskilled labor can operate like expensive industrial robots.

Note that the original INTENT was to force a company to think about it's procedures in an organized manner and so make improvements in their process and in the process generate good solid and complete operational manuals. Unfortunatly, that rarely happens due to managers and ISO auditors taking what should be a manual of good ideas and raising it up to the status of holy scripture.

It is cynically amusing to listen to people in an ISO company talking about procedures in the manual. They sound EXACTLY like door-to-door bible thumpers quoting scripture. It's not at all unusual to find walls plastered with posters repeating the same 'inspirational' phrase everywhere. The phrase is so pervasive that it no longer carries meaning, but instead invokes conditioned response, not unlike a particularly dysfunctional religious cult.

It never once occurs to them that the outcome is what is important and that procedures should be re-written if/when they lead to a poor outcome.

Re:the only solution...

It to open the source for these "voting machines" so they can continually undergo a public review.

There are two things you need to secure against tampering: the voting and tallying process, and the resulting data. Open source inspection, while certainly useful to verify the priciples of operation of the voting machines, is not sufficient to prevent tampering with either the tallying process or the resulting data.

You will want to ensure that the machine accurately registers and tallies votes. Verifying the source alledgedly used in all the machines is not sufficient: you'd need to inspect the (sufficiently large) CRC of the binaries on each and every of the voting machines. You'll want to verify that they are indeed running the software that you have inspected, not some doctored version.

Even if all machines produce accurate data, that will do little good if anyone can edit the resulting data file, or if the totals are communicated to a central counting facility through a means which allows easy forgery of the results.

The problem with any electronic voting system is its intransparency, not of the program source, but of the voting and tallying process. Once the job of vote registration and counting is delegated to a machine, it becomes invisible. It is like handing a box of paper ballots to anyone in the streets and asking him to tally up the votes without any supervision. You'll have no idea of the accuracy of the resulting count, unless you are able to recount yourself... and for that, you need a paper trail.

I firmly believe that any electronic voting needs to be accompanied by a paper trail, and that the counts must be subject to verification of a recount using this paper trail. An electronic voting machine should either produce a paper ballot which the voter can inspect and post in a lockbox, or it should scan a paper ballot on which the voter has indicated his choice by hand. There arer very good reasons to trust paper ballots over electronic ones that are hidden inside some machine:
- The voter has tangible assurance that the vote that is deposited is the one that he has cast
- The counting rersults are verifiable: the counting can take place in a group of people from all stakeholders in the election, who will all watch each other.
- In case of doubt, a recount can take place using the original ballots counted by a different group of people.
- Most importantly: paper ballots are incredibly hard to forge in bulk, and it is very hard to introduce a significant amount of them into the counting process.

Re:the only solution...

It strikes me as incredible that the "technical" people writing these emails are engaged in such Mickey Mouse chatter, and so interested in just cranking out something, anything that will work. I just don't see how electronic voting is really all that hard to engage in...as long as you have your priorities straight.

There are two primary things we want to accomplish with EVotes -- first, we want to make the voting process easier to engage in. Second, we want to make the counting process more efficient (less costly). We would also like to reduce the error rate, to the extent that we are able.

A touch screen voting interface, big and clear and nice, is exactly what we need to help walk people through the process. We can't, though, rely on the software in these machines. One read through the memos above should convince you as to why -- these people just have no idea what they're doing. Basic? Access databases? Windows? My god.

What this says to me is that we simply cannot get away from paper. So what we want is a system that makes paper easier to use, leaves a paper trail for auditing and verification purposes, and provides ample opportunity for error checking by the voter and by election officials.

We use the touch screen to answer questions. At the end of the voting session, the system prints a "vote" and electronically tabulates the results. The voter verifies that his printed vote matches what's on the tabulation screen. The voter then folds his paper vote and deposits it with election officials in a good old fashioned ballot box.

We can then use the electronic tabulation to check quickly on the results -- this is quite efficient. We will also engage in a substantial amount of verification, by counting the paper votes by hand and verifying this against totals learned electronically. The paper always wins, in this system. We do not necessarily need to count all of the paper votes -- we can use random sampling.

It seems like a win in both directions, for me. Risks include unacceptable printout quality (printer wear), and insufficient random verification.

Backdoor

...documentation of a backdoor via an Access MDB with no password.

Well, it is called Access after all.

Land Of The Free (To Enter)

Doesn't it make you glad to be in a country were your democratic views are stored in an unprotected Access Database!

Use open source in government

The solution is simple: use open source software.
Every software in government, which is paid for from citizens taxes, should be open source. So that every citizen (at least the one which is a programmer) could check whether the code is good and fair, especially in elections.

Of course the code actually used in voting machines should be double checked by government professionals, but everyone should have an access to read the code.

Re:Use open source in government

"Every software in government, which is paid for from citizens taxes, should be open source."

Maybe I'm being a little bit picky here, but I'd prefer the best tool for the job (yes, I am a gov't employee).

That's why, when ballots are counted by hand, no one is allowed to look how they are being counted. You see, when the ballots are counted behind closed doors, the result comes back in under a minute, but when people can inspect the counting, and insist upon a "procedure" being drawn up that everyone can rad, manual counting can take an hour!

Many countries prefer to manually count votes behind closed doors with no published counting procedure. For example, Iraq, China, etc. In fact, in these countries the election results are almost always known even before the elections, that's how efficient it is!

Re:Use open source in government

Not when public accountability is a prime concern. It doesn't matter how much better the closed-source voting systems are. I can't audit them; I can't see what's going on.

There is a vast difference between using some proprietary math program down at NASA and using a closed-source voting system. One of them results in a spacecraft that doesn't work; the other results in a government that doesn't work. You pick. :-)

Re:Use open source in government

Maybe I'm being a little bit picky here, but I'd prefer the best tool for the job (yes, I am a gov't employee).

If that happens to be open source, so much the better, but I don't want to be forced to fumble around with an inadequate tool, and waste time and taxpayer dollars, just for the sake of using open source software.

Whether or not some people care to admit it (and there are pleny who still don't), sometimes the only/best tool for the job is closed-source commercial software.

I'm sorry, but you are full of it. The amount of money that the federal government spends on software procurement and maintenance is staggering. In many cases, the federal government is the only customer of some firms. Thus, all Uncle Sam has to do is say, "form now on, if you sell to us, its open source." If they company doesn't like it, then tough, they can find others to sell to (the federal government should not be in the business of propping up other businesses).

In the other case, where the federal government is the only customer, then they stand to lose absolutely nothing by opening the source, unless there is something they are trying to hide.

As far as the best tool for the job: I would hardly call an end-to-end MS desktop, running MS Office, hooked to MS Servers solution that croaks everytime a new virus comes out and paralyzes entire military installations and federal departments, the best tool for the job. I have seen that exact thing happen so many times that I cannot fathom why we still see things like the recent procurement deal the Army signed for ~$900 million that only included MS OSes.

Re:Use open source in government

He got in because of the 'old-sk00l' methods, and how reliable they are

I call bullshit on you.

George W. Bush won the 2000 election under the current American Electoral System. Sure, Gore may have won the popular vote, but that doesn't directly decide who the president is in this country.

The mix-up in Florida was because people couldn't figure out a simple ballot. It was decided by the powers that be that Florida's electoral votes would go to Bush (well, that's a generalization, but the same idea).

The moderators would have a better time with this if there was a Score: -1, Conservative.

Re:Use open source in government

> George W. Bush won the 2000 election under the current
> American Electoral System. ... The mix-up in Florida was because people couldn't figure out a simple ballot.

Oh, is that how it happened?

Even if we ignore the controversial Supreme Court ruling, the issue was much more complicated than that.

Jeb Bush and co. worked to get thousands of black voters disenfranchised by removing their names from the voting rolls if they had a name similar to that of a convicted felon ("Official: Florida disenfranchised minority voters", CNN, March 9, 2001).

Bush worked to maximize the number of overseas ballots in counties he won, he also worked to disenfranchise military ballots in counties Gore had won ("How Bush Took Florida: Mining the Overseas Absentee Vote", New York Times, July 15, 2001).

Of course, the problem was exasperated by Gore deciding to only have recounts in counties he won, rather than across the whole state.

So, the real issue was not just a complicated voting ballot, but also the way the votes were counted. And it's easier to verify how votes are counted (and recounted if necessary), if there's a paper trail. It doesn't help that Diebold's system is insecure.

Consider the fact that Diebold CEO Waldon O'Dell is a Republican who said in a fundraiser letter that he was committed to ""committed to helping Ohio deliver its electoral votes to [George W. Bush] next year." It is all the more important to make sure the way votes are cast and counted are transparent to the voters themselves.

And before I get lambasted by conservatives, consider the following: how would you react if you heard that the CEO of the company supplying voting equipment wrote in a Democratic fund raising letter that he was committed to helping Hillary Clinton win the presidency in 2004? You'd be a little nervous, and a lot pissed.

Re:Use open source in government

> NO! First of all, when the (Democrat majority) USCCR
> held hearings on the Florida election, they were not able
> to find a single person that was disenfranchised by the
> felon list.

You linked to the dissenting opinion, and not the original report. The majority opinion was 6-2. The U.S. Commission on Civil Rights found that the 2000 presidential race in Florida was marred by "injustice, ineptitude and inefficiency" that disenfranchised minority voters.

The report concluded that :

* "countless unknown eligible voters" were wrongfully turned away from the polls or purged from voter registration lists because of procedures and practices used by election officials.

* criticism of an an effort to purge convicted felons and other ineligible voters from registration roles. Lists of ineligible voters, compiled by a private firm, had an error rate of at least 14 percent, and black voters had a "significantly greater chance" of appearing on the inaccurate lists than white voters

* black voters were nine times more likely than white voters to have their ballots rejected during the counting process. Faulty voting systems were more likely to be used in areas with higher percentages of minority voters, but even in counties where the voting systems were the same, black voters still had a higher rejection rate than white voters

(Source: "Civil Rights Commission Approves Report Assailing Florida Vote", CNN, June 8, 2001.)

The sentence you cited from the New York Times article was incomplete and out of context. It was talking about the Democrats' accusation that the Republicans had organized an effort to seek votes after the deadline: "The Times study found no evidence of vote fraud by either party. In particular, while some voters admitted in interviews that they had cast illegal ballots after Election Day, the investigation found no support for the suspicions of Democrats that the Bush campaign had organized an effort to solicit late votes."

Earlier in the article, "the Republicans mounted a legal and public relations campaign to persuade canvassing boards in Bush strongholds to waive the state's election laws when counting overseas absentee ballots. Their goal was simple: to count the maximum number of overseas ballots in counties won by Mr. Bush, particularly those with a high concentration of military voters, while seeking to disqualify overseas ballots in counties won by Vice President Al Gore. ... In an analysis of the 2,490 ballots from Americans living abroad that were counted as legal votes after Election Day, The Times found 680 questionable votes. Although it is not known for whom the flawed ballots were cast, four out of five were accepted in counties carried by Mr. Bush"