Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United States Your Rights Online Technology

Maryland Electronic Voting Systems Found Vulnerable 417

snoitpo writes "My fine state (Maryland) has hired some people I can respect to hack into Diebold voting machines. The Washington Post (read it free for 2 weeks) has the details. From this story and the one on NPR, the state hired a company and set up a test voting precinct and had the group try whatever they could to break into the machines. Most of the attacks would probably be noticed by an even-half-awake poll staff, but some vulnerabilities were exposed. The net seems to be that you could really mess up individual machines, but the grail would be to get to the central collection servers and send a megavote to your favorite candidate. The last paragraph mentions problems that voting machines had in the last election in Virginia; it's interesting to note that those use wireless networking--my jaw has dropped onto my keyboard and I can't comment any further." Other readers sent in two stories in the Baltimore Sun (1, 2), and one in the NY Times.
This discussion has been archived. No new comments can be posted.

Maryland Electronic Voting Systems Found Vulnerable

Comments Filter:
  • by glinden ( 56181 ) * on Friday January 30, 2004 @01:46PM (#8136478) Homepage Journal
    At a minimum, electronic voting machines need to print out a paper receipt. That would allow a recount and increase accountability in the system. Without a paper receipt, you may not even be able to determine that an attack has occurred.

    Bruce Schneier [schneier.com], author of Beyond Fear [slashdot.org] and the fantastic Applied Cryptography [amazon.com], has an old but good commentary [schneier.com] on the some security issues of electronic voting machines in his Crypto-gram newsletter.
    • by cgranade ( 702534 ) <cgranade@gmail . c om> on Friday January 30, 2004 @01:53PM (#8136590) Homepage Journal
      Paper trails are good and wonderful, but what is a paper receipt going to do? It is trivial to print X and tabulate Y. If the receipts are not collected and stored, then nothing is gained except for giving the voter a (false) sense of security. It would be impractical, and inaccurate to collect receipts after an election.
      • by Asprin ( 545477 ) <(gsarnold) (at) (yahoo.com)> on Friday January 30, 2004 @02:08PM (#8136780) Homepage Journal

        Of course, you could sidestep the whole issue if you do it my way [slashdot.org]. I propose that no counting be done by the polling machine, but by a separate sealed tabulator. Further, I propose that the mechanism for getting the ballots tabulated be optical character recognition scanning of the printed text of the ballot -- no barcodes, no punchholes, no encryption keys. This way the tabulator has no programming and does not need to be loaded with data prior to counting.
      • by Dark Paladin ( 116525 ) * <jhummel.johnhummel@net> on Friday January 30, 2004 @02:14PM (#8136860) Homepage
        Probably the best thing to do then is print out a barcode at the top with a breakdown of voting:

        President: John Adams
        Vice-President: Thomas Jefferson
        Treasurer: Etc

        This way, the user gets a visual confirmation, and it's crystal clear who voted for whom. They put that chit into the ballet box (which is locked). Chits are stored. In the event of a question of fraud, the old ballot chits can be pulled out and verified - no "hanging chads" here. Users feel good "knowing" what they voted for, and the system can still be paperless.

        I'd also want to see a 5% of all results double checked against what was reported, with random precincts checked to always keep things in line.
      • Uhm ...

        Independent of whether this is electronic-voting-from-home or show-up-at-the-polls-and-touch-a-screen-voting, there's a simple concept from the business world that can be adapted for this situation ...

        MERCHANT COPY / CUSTOMER COPY. :D
        • by canajin56 ( 660655 ) on Friday January 30, 2004 @03:08PM (#8137514)

          A basic requirement for a fair vote is that the voter does NOT receive a copy of their vote. Otherwise somebody threatening you / bribing you to vote a certain way has a way to confirm that you did like you were told.

          What is so hard and confusing about THIS method:
          People vote by checking off a box on a sheet of paper. People fold this paper over and hand it to a poll worker, and watch while this worker places the folded piece of paper in a locked strongbox. Poll worker has a clicker to count the number of votes placed in the box. When the polls are closed, a public counting occurs, where a third-party counts all of the votes up. If the number doesn't add up to the clicker number, they count again. Once their count has been confirmed, representatives of the various candidates are allowed to count it themselves, if they want, again under observation. If their number doesn't agree with the third-party number, they can dispute the count. Otherwise, the people present sign off that they witnessed the counting.

          Now, nobody can hack the system. Can a worker stuff the box? No, the box is plainly visible to public observers. This is VERY important. The press, and public watchdog groups need people at EACH voting station to make SURE the workers arn't on the take. Additionaly, bribing a vote counter or a poll worker, or any other sort of fraud, should be considered treason, and punished by life in prision. Again, there is no good way for the counters to disrupt the vote, because they are being watched. (Behind closed doors, democracy dies) Disputed boxes will be recounted elsewhere by somebody else, but still under public observation. To prevent rampant disputing, the campaign officials and watchdogs will face stiff fines if they dispute a vote, and the recount is not in their favour. Similarily, if the recount differs signifigantly from the original count, the official counters will face punishment. The end result is, it makes it quite hard to foul up a vote without being caught. And the punishments are dire enough to (hopefully) prevent most people from trying. There should also be more stations, so that no group is counting thousands and thousands of votes.

          This whole process is time consuming, and expensive (Small poll stations = lots of workers). But if bringing Democracy to other coutnries is worth hundreds of billions, isn't bringing it to yourself worth even 1? Also, I've never understood the need to have results NOW NOW NOW. Can't you wait a day? Is is so necessary to have the vote results within an hour? No doubt it would be nice, but is saving day of suspense worth potentially wrong results?

      • by AJWM ( 19027 )
        You're quite correct. I think the terminology is confusing. The logical thing is to deposit the paper receipt in a ballot box before leaving the polling place. The ballot boxes need only be opened and the receipts examined in the case of a challenge.

        Indeed, you don't want the voter to take it away with him as that provides a verification method for vote buying schemes. As it is now, you can bribe someone to go in and vote for your favorite candidate(s), but you have no guarantee that that's who they a

    • At a minimum, electronic voting machines need to print out a paper receipt.

      (NB: I'm in .CA) The electronic voting machines used here during our last civic election took our paper ballot, pancil-marked "X" beside our choice of candidates, and read it in. The ballot was a paper backup and any voter is welcome to stay around to watch a manual tabulation if need be. Tech has been my only job for ~20 years but I'd never trust it to decide on politicians. There is too great a chance of human error or subterfug
    • by LostCluster ( 625375 ) * on Friday January 30, 2004 @01:55PM (#8136608)
      But let's make this clear: The printout goes in the ballot box and gets left at the polling place... voters should not have the option of taking a receipt home. Voters should not have any way of obtaining proof they voted a certain way, because that'll lead to kickback schemes and bosses requiring their employees proving they voted a certain way.
      • Excellent point. That is the danger of printed receipts. They can be used as proof that you voted a particular way, allowing people to buy votes. Leaving the receipts at the polling place is a good solution.
      • Well you can give a receipt and make it difficult to impossible to track the voting record, figure this: 1) Joe Schmoe votes electronically
        2) Voting machine spits out receipt with a MD5 hash key of his vote record, it's one way, it can never be decrypted again to determine how user voted. MD5 hash is also stored on server

        Worst Case Scenario: Votes are suspected to be tampered. All voters are asked to submit their receipt. MD5 hashes are compared to what is on the server. If MD5 hash isn't the same,
        • by LostCluster ( 625375 ) * on Friday January 30, 2004 @02:05PM (#8136759)
          What good to the user is a receipt that proves nothing to the user, since he can't even decode his own hash. We don't let people take a stub of their paper ballot now...

          Use the computer to make a human and machine readable paper ballot, walk ballot over to box, leave it there... any complexities beyond that is just asking for trouble.
        • "figure this: 1) Joe Schmoe votes electronically
          2) Voting machine spits out receipt with a MD5 hash key of his vote record, it's one way, it can never be decrypted again to determine how user voted
          "

          Yeah, that'll be real hard to search for hash collisions on...

          if(md5("joe schmoe: CandidateA") == $STORED_MD5)
          print "Joe voted for candidate A"
          if(md5("joe schmoe: CandidateB") == $STORED_MD5)
          print "Joe voted for candidate B"
        • by Jerf ( 17166 )
          2) Voting machine spits out receipt with a MD5 hash key of his vote record, it's one way, it can never be decrypted again to determine how user voted. MD5 hash is also stored on server

          No, this is a good idea in concept but it won't work. There's generally only a very small set of possible voting outcomes, generally in the thousands, and that's brute-forcable in trivial time.

          You can't pad with a random number or any of the other tricks usually used to make MD5 useful even in these circumstances because th
        • I just imagined my grandparents coming home from an election, drooling about those funny letters and numbers on the slip of paper they got.
          Where would they put it?
          In a lucky case, it disappears behind a cupboard within minutes. In a less lucky case they switch slips with their neighbors because they mix them up with bingo charts.
          But probably they would just throw it away.
          So what would be the whole point of those printouts?

          IMHO you can not use automata to count votes until you can assure, no tampering with
      • by jmv ( 93421 ) on Friday January 30, 2004 @02:01PM (#8136702) Homepage
        Voters should at least be able to what got printed. Otherwise a paper receipt is useless, since the voter says X and the machine prints Y.
      • by ChrisKnight ( 16039 ) on Friday January 30, 2004 @02:13PM (#8136851) Homepage
        Exactly.

        What the machines need is a paper roll printer, with a glass window above the print mechanism that allows the viewing of only that last line printed.

        When the user casts their vote, they are instructed to verify in the window that the vote they cast is the one that was printed. If not, get an attendant.

        Nobody can cach in their vote chit, and with batches of votes on individal rolls of paper it would be a lot easier to tabulate than counting paper ballots.

        -Chris
      • by bilbobuggins ( 535860 ) <{moc.tnujtnuj} {ta} {snigguboblib}> on Friday January 30, 2004 @02:48PM (#8137292)
        But let's make this clear: The printout goes in the ballot box and gets left at the polling place... voters should not have the option of taking a receipt home. Voters should not have any way of obtaining proof they voted a certain way, because that'll lead to kickback schemes and bosses requiring their employees proving they voted a certain way.

        oh, the irony

        budget: $5 million
        time: 2+ years
        result: joe voter drops a paper slip in a box

    • What bothers me (Score:5, Interesting)

      by morleron ( 574428 ) <morleron@@@yahoo...com> on Friday January 30, 2004 @02:10PM (#8136815) Journal
      I heard the NPR story on yesterday's ATC and was struck by the reporter's failure to ask some hard questions. For instance, there was a statement by a Diebold spokesdrone to the effect that "we fix any security issues that we think could be a problem." There was no followup regarding earlier reports of a Diebold built-in backdoor to the systems "for maintainence purposes.' A back-door which, IIRC, required no password or user id to gain access to the server's databases.

      Also, there was no discussion of the debate between those of us that believe that the e-voting systems should be required to use Open Source software vs. folks at Diebold and other vendors, who foist off the "trust us, we know what we're doing" line on the public. There was no real discussion of the effect that questionable e-voting results could have on the American political system. There was also no mention of the fact that Diebold's president is involved with raising money for the G.W. Bush re-election campaign and has pledged, IIRC, "to do everything I can to deliver the vote to George Bush." All in all I'm afraid that NPR really dropped the ball on this particular issue.

      Just my $.02,
      Ron
      • Re:What bothers me (Score:4, Informative)

        by grondu ( 239962 ) on Friday January 30, 2004 @02:21PM (#8136949)
        Send mail to atc@npr.org and express your concerns.
      • Re:What bothers me (Score:3, Insightful)

        by stand ( 126023 )

        Good point! All this talk about hackability of the system and paper receipts and back doors obscures what should be the basic necessary but insufficient condition for any electronic voting system. Let me lay it out:

        If the code isn't open and viewable to the public, I don't trust it...and neither should you.

      • Re:What bothers me (Score:3, Insightful)

        by eric777 ( 613330 )
        You must have turned in late.

        He led the discussion with the whole Diebold 'committed to raising $100,000 for GWB' thing.

        Actually, I think he should have led with the paper trail issue - as others have said before, the GWB fund-raising thing is a red herring that makes voting machine critics look like tin-foil hat-wearing nutcases.

        At the end of the day, the Diebold people are clearly incompetent, and the system is hugely flawed. Those facts are hard-to-dispute.

        The idea that large groups of Diebold s

  • by Dr Caleb ( 121505 ) on Friday January 30, 2004 @01:48PM (#8136508) Homepage Journal
    I'd like to take this opportunity to coin the phrase "War Voting". :)
  • Just print out a freaking report of what was actually registered in the voting machines database. If it doesn't match up to what you input, get it fixed. Sheesh, how hard is that? Heat registered paper just like at the gas stations, it's almost free.
  • No No No! (Score:2, Informative)

    by Bucko ( 15043 )
    Paper receipts open the system up to vote-selling. Not good, and not allowed!

    The voter might be able to see the paper (under glass), but that's about it.

    J
    • Re:No No No! (Score:5, Insightful)

      by rsborg ( 111459 ) on Friday January 30, 2004 @01:56PM (#8136635) Homepage
      Paper receipts open the system up to vote-selling. Not good, and not allowed!

      The voter might be able to see the paper (under glass), but that's about it.

      Thats the WHOLE POINT of paper receipts! How useful is a machine if you can't verify it's results? The big thing with paper reciepts is that the voter then has proof for himself that *he* voted in a particular way.. he can't walk away with that proof... that proof is left for verification purposes only. How hard is that to grok?

      • It's the word 'receipt' that throws people. A personally verifiable vote has a paper 'trail', paper 'log', or paper 'record', but not a receipt.

        A receipt is something you take with you for your own records, and for your proof to other parties. Like those tidbits of paper that the IRS or your company's reimbursement desk wants to see.

    • Re:No No No! (Score:3, Insightful)

      by LostCluster ( 625375 ) *
      What's wrong with the current system? The voter looks at the paper, and if they like it take it to the locked ballot box that's next to the exits, and if they don't they hand it to an offcial who stamps "VOID" on it and they get another blank to try again...
    • paper = ballot , ballot is folded and goes in locked ballot box to be available if recount or audit is needed.

      Paper ballots and ballot boxes are used around the world. I am sure that American voters could cope with the inconvenience of being able to check that what they inputted was what got registered. (... and therefore no danger of vote selling, or at least no printed receipt to present for payment ;-)
  • Screw wireless (wtf are they thinking) voting.

    If you want accountability, put in some form of VERY hard to break security and go with it.

    Voter apathy is going to occur whether people can vote online or not.

    This is a rehash of all the other Diebold crap down in Fla. Until it's secure, imo this is non-news.
    Is it because it's in a different state? Or because it's an attempt at accountability?
    • The problem is much less whether or not the terminal is secure, but rather, the problem is if you can trust the machine to accurately record your vote. Install retinal scanners all you want, and you'll be pretty sure that only those allowed to vote will. However, you'll have done nothing to assure that their votes are accurately represented.
  • by LostCluster ( 625375 ) * on Friday January 30, 2004 @01:52PM (#8136573)
    Electronic counting is okay, but they need to be counting physical ballots, not bits. There needs to be a physical paper trail that leads back to clearly-marked ballots that indicate what the voters intended.

    The phone-in system is also a bit nonsensical. Ideally, the local counts should be published in each locality as quickly as possible, so that news organizations can do the math on their own, and any error introduced at any step in the way would quickly be noticed when numbers that are supposed to be the same don't check.

    Diebold seems to be in the business of selling solitions that are worse than the problems they claim to solve.
  • It's not a panacea (Score:4, Insightful)

    by aynrandfan ( 687181 ) on Friday January 30, 2004 @01:53PM (#8136587)
    The current hassles associated with electroninc voting have stuck me as yet another exmple of well-intentioned people using a technology as a panacea, then having it blow up in their faces.

    Electronic voting will not help if two candidates are neck and neck or the election becomes complicated in some other way. They also throw in a very significant variable: hackability.

    • by richg74 ( 650636 ) on Friday January 30, 2004 @02:10PM (#8136814) Homepage
      Electronic voting doesn't introduce any functional capability as compared to paper ballots, except for (possibly) faster counting of the results. (Of course, if the result doesn't have to be accurate, I can write a program that will deliver the result even faster. ;-)

      The other, related issue is whether or not the security model of the voting system is comprehensible to the people who are charged with running the election. I think that, in the case of paper ballots, the model can be understood by any normally-intelligent person. (You only get one ballot paper, it has to be put in the box, no one can mess with the box, etc.)

      On the other hand, I would guess that there are fewer than 5 in 100 election officials (including those that select the systems) that actually grok the security model of electronic systems.

      The frequently-heard claim by election officials (e.g, here in Fairfax County VA) that the election was held and "it all worked out" is scary evidence of this.

  • by Srividya ( 746733 ) on Friday January 30, 2004 @01:54PM (#8136592) Homepage
    Paper voting works very well here, we are very wired but we use paper to vote and if a recount must be made we recount the paper. Why so much money on computer systems? Computer systems are very hard to secure. Paper has already been secured.
    • The general population is becomeing dumb. As a whole, they would much rather touch a location on a screen which shows who they want to vote for rather than trying to either write his name down, fill in a check box, or use a punch machine.
    • by Ralph Wiggam ( 22354 ) * on Friday January 30, 2004 @02:21PM (#8136948) Homepage
      When people think of paper ballots, they think of hand counting. Electronically counted paper ballots are the best, most secure system I have heard of. If someone disputes the results, take the paper ballots and rescan them.

      A year and a half ago here in Georgia, Gov. Purdue and Sen. Chambliss both overcame 10 point poll deficits to win. There's no paper trail and no recount is possible.

      -B
  • by Nakito ( 702386 ) on Friday January 30, 2004 @01:54PM (#8136595)
    Isn't this a perfect example of the benefits of open source? Yes, you can hire a team of hackers to attack a black box, but it's just an ad hoc approach, and tomorrow or next week or next year some other hacker will find another weakness that wasn't found in the first pass. Wouldn't you end up with a much more secure system if you could openly and systematically apply those same efforts to reviewing the code inside that black box?
  • by NixLuver ( 693391 ) <stwhite AT kcheretic DOT com> on Friday January 30, 2004 @01:54PM (#8136601) Homepage Journal
    Read the book - even the first chapter [gregpalast.com] - and you'll realize that a 'recount' isn't what we thought it was in 2000. No actual counting went on. We're just asking - no, begging - for a repeat of the constitutional rape of the electorate that happened in 2000.

  • Tamper tape (Score:5, Insightful)

    by trickofperspective ( 180714 ) on Friday January 30, 2004 @01:55PM (#8136609) Homepage
    Great idea... cover the locks with tamper tape. So rather than rigging the election outright by going to the trouble and difficulty of changing the votes on the server, etc., criminals can do it by disqualifying voting machines by breaking the tape, disenfranchising thousands of voters at a time.

    (Can they cover the software issues with tamper tape, too? That might be helpful.)

    -Trick
    • Good point!

      There should be some way to identify a compromised voting machine. But it can't be something so simple as tape on the locks. The voting system should be so secure from the start that the tamper identification system never gets used. And the tamper identifcation is to ensure that no tampering was done. Throwing out all the votes from suspicious machines would be a disaster!
    • Great idea... cover the locks with tamper tape. So rather than rigging the election outright by going to the trouble and difficulty of changing the votes on the server, etc., criminals can do it by disqualifying voting machines by breaking the tape, disenfranchising thousands of voters at a time.

      Exactly. This points-out the difference in thinking of the hacker's mind. An election official thinks adding complexity (tamper tape) to the system would raise the bar for mischief. Now, instead of just being ar

    • Re:Tamper tape (Score:2, Interesting)

      Indeed. Even as they mentioned this on NPR I commented to my wife "great, now operatives for one side can ruin the votes of people in districts that overwhelmingly vote for the 'wrong' guy"

      However, tamper tape need not invalidate the votes; it could merely mean the machine is subject to an extensive review of the logs. Increasing time/cost/unreliability, but not necessarily resulting in total disenfranchisement.
  • Maryland Bill (Score:5, Informative)

    by pigpen_ ( 56028 ) <leklund@tastytronic.net> on Friday January 30, 2004 @01:55PM (#8136621) Homepage
    There is a bill before the Maryland State House that would require a voter verifiable paper trail on all electronic voting machines in the state of maryland. The bill also calls for a random sampling of the paper ballots to ensure that the electronic count has not been tampered with. House Bill 53 [state.md.us] was just read into the ways and means committee two weeks ago but with the release of the reports I hope there it can gain more support and pass the house.
  • by Anonymous Coward on Friday January 30, 2004 @01:57PM (#8136640)
    I don't understand why voting machines are being introduced in the first place. Is it just the stupid perception that "if it's automated, it must be better"? In fact, by introducing machines, you're just introducing a hell of a lot more problems, and possible failure points, as well as making the whole process more opaque.

    In the Canadian federal elections, IIRC, as well as the Ontario provincial elections, voting and counting is still done by hand. At every stage a paper record is created, so that if any irregularities are suspected, the whole process can be audited. I believe such an inquiry was undertaken in Quebec after some tricky vote counting in Quebec after the last referendum.
  • So what? (Score:5, Funny)

    by thinkpol ( 51932 ) on Friday January 30, 2004 @01:57PM (#8136641)
    What's going to happen? We'll elect someone who didn't get the most legitimate votes...?

    wait..
  • by Entropy_ajb ( 227170 ) on Friday January 30, 2004 @01:57PM (#8136643)
    " Removable memory cards inside the machine can be tampered with if a lock is picked or if one of thousands of keys is stolen." - From the Article

    If I could pick the lock or steal a key to the paper ballot box, I could tamper with the votes too.
  • Oh Canada! (Score:5, Insightful)

    by addie ( 470476 ) on Friday January 30, 2004 @01:58PM (#8136668)
    My home and native land,
    We use a simple paper ballot,
    That all can understand.
  • My favorite quote (Score:2, Insightful)

    by Anonymous Coward
    "You are more secure buying a book from Amazon than you are uploading your results to a Diebold server," said Wertheimer, recommending several changes to increase security.

    Can't think of anything else to add to that comment.

  • If I may reason... (Score:4, Insightful)

    by rcastro0 ( 241450 ) on Friday January 30, 2004 @02:01PM (#8136706) Homepage
    I RTFA. But regardless of how poor this "AccuVote" implementation is, electronic voting can work -- and will prevail, if technophobic feelings are kept at bay. All it takes is some smarter dude to do the development.

    The reasoning is simple:

    ATMs exist.
    • An ATM is simply a self-service machine that replaces the human teller for most simple transactions. Instead of the bank employee entering your account number, you give a card and a PIN. Instead of the bank employee typing in the value you're requesting, you type it in. Instead of the bank employee counting the cash, the machine does. Instead of the bank employee handing you the money and the reciept, you take it out of the slot. In the end, the same computer and physical records are created.

      What these bal
    • When you read quotes like "You are more secure buying a book from Amazon than you are uploading your results to a Diebold server," and keep in mind that there are a lot of studies that show that people still have qualms about the security of online shopping, it's not surprising that some people develop strong, technophobic and other kinds of negative feelings towards these voting machines. Who in their right mind who is already skeptical of online shopping vote on machines that can be easily compromised?
    • by RobinH ( 124750 ) on Friday January 30, 2004 @02:24PM (#8136975) Homepage
      ATMs exist.

      Yes, and they give you a paper receipt. And the banks are audited by a third party. And they can count the money still left in the machine to see if it matches what the machine says it should have, and that money is paper cash.

      Why not do this: have the machine ask you all the questions, and print it out in human readable form with a 2D barcode of the same information. You check the sheet over and verify it's what you really wanted, or you put it in the handy-dandy shredder right beside it, and do it again. When you're satisfied with the result, fold it in half, take it to the ballot box and stuff it in there.

      Then, to count it, open the box, scan the 2D code on every piece of paper, and the results are tabulated. If any of the results look suspect, then you can still use the paper for a manual recount, using human eyes.

      Also, for every election, select 10% of the ballots at random and manually verify that the 2D barcode matches the human readable portion, just to audit the system. Obviously the auditing system has to be from a different vendor than the voting terminal.

      Just one Canadian's opinion. Myself, I'm happy with a pen and paper.
    • "All it takes is some smarter dude to do the development."

      No, all it takes is less corruption between the vote-machine makers and the politicians currently in office.

      Take back the power, before it's totally out of your reach.

      --rhad

  • by dkleinsc ( 563838 ) on Friday January 30, 2004 @02:04PM (#8136744) Homepage
    The NYTimes article mentioned in passing the work started Bev Harris, as described in her book [blackboxvoting.com],and said that "Diebold stated that the code used by the researchers, which had been taken from a company Internet site and circulated online...". What actually happened is that supposedly private code, which no one should have been able to get to, was left in a wide open FTP server. And these are the guys we're supposed to trust with our elections. At this point I can't figure out whether Diebold's lack of security is due to malice or incompetance.
  • by Bimo_Dude ( 178966 ) <bimoslash@@@theness...org> on Friday January 30, 2004 @02:05PM (#8136758) Homepage Journal
    There was a very similar post about this in August on Slashdot [slashdot.org]
    It seems now that Maryland is finally catching on, too.
    • It seems to me that there are a few things that could be done to ensure proper and accurate elections
    • Allow exit polling by the press again
    • Have the voting machines print paper receipts
    • Do not let convicted felons be on the board or otherwise associated with the companies that sell / manage these machines. After all, they are not even allowed to vote themselves, so why should they be allowed to control the systems that count our votes?
  • In other news: (Score:2, Interesting)

    by Anonymous Coward
    There were recently a couple of good articles over at SecurityFocus:

    Internet voting system for overseas Americans is vulnerable, security experts say [securityfocus.com] - and their comments extend to a scathing debunking of *all* internet voting methods.

    A slightly older, but very thorough, article by Scott Granneman entitled the Electronic Voting Debacle [securityfocus.com].

    Oh, and I can't leave without mentioning the essential Black Box Voting [blackboxvoting.org] site...

    [posted as an AC as I don't want to whore the karma]

  • by akad0nric0 ( 398141 ) on Friday January 30, 2004 @02:10PM (#8136813)
    I worked for a nameless financial institution. We had a certain number of Diebold Windows XP ATM's. 100% got infected with a virus that exploited a well-known vulnerability. We demanded Diebold agree to forfeit admin control of the systems or patch them within a short window of patch release.

    Their response: "We'll put firewall software on the machines."

    Since the contract was already signed we had no leverage and that ended up being the solution. Nice, eh?
    • Linda H. Lamone, the administrator of the Maryland State Board of Elections, assured lawmakers that the board would comply with many of the recommendations but said that some of them would be impossible to put in place before the primary.

      "I don't disagree with what they say -- they're the experts," Lamone said after the Senate hearing. But, she added, "I think it's a very good system."

      Did she twirl her hair in her fingers and chew bubblegum when she made that last statement?

      (Washington Post article)

  • Other problems (Score:4, Insightful)

    by Atryn ( 528846 ) on Friday January 30, 2004 @02:13PM (#8136841) Homepage
    Did this consultant organization test issues relating to interference with the process as well as alteration of the results? One of the issues in FL in 2000 was whether or not certain voter groups had their ability to reach the polls "interfered with" by police, etc.

    Suppose I know the tendency of a district and I would rather that districts results are lost. Examples of activity to interfere would include:
    1. Cutting Power
    2. Electromagnetic Interference (burst device wiping out memory cards)
    3. Knocking out wireless infrastructure (cell towers, radio repeaters, whatever they use)
    Some folks would say that we are overreacting and that all of these criminal activities have current-day equivalents. But without a paper-trail you only need to wipe one memory card remotely to kill hundreds of votes before they are sent to the server.
  • by PaulMaximne ( 746608 ) <paulNO@SPAMblueiris.us> on Friday January 30, 2004 @02:13PM (#8136846) Homepage
    I'm one of the people who did this and you should take a look at the acutal report before you start ranting.
  • MyDoom says Hi (Score:5, Insightful)

    by theolein ( 316044 ) on Friday January 30, 2004 @02:13PM (#8136853) Journal
    Linda H. Lamone, the administrator of the Maryland State Board of elections, said that the group had produced "a very good report," and that the state would take its recommendations seriously.

    Still, she noted that tampering with voting equipment is a felony. "I'm not sure how many people would be willing to get a felony conviction and risk going to jail over an election," she said. Citing the problem of easily opened locks on the machines, she said an attempt to unlock a machine "would be very unlikely to succeed, because it would have to occur in a public place."


    This woman should be fired from her job. She basically states that because some act would be a crime that no one would do it!!!

    Did that stop Richard Nixon?
    Did that stop whoever blew valerie Plame's cover?
    Did that stop the authors of MyDoom from writing the virus?
    Did that stop all the people in the US who committed crimes last year?
    Did that stop Ken Lay and the fine folk at Enron?
    Did that stop Halliburton from overcharging the Army?

    What a fucking joke. It could have been a Microsoft security advisory for all the good it will do.

    My premontion: There will be massive irregularities in the 2004 elections and guess who will win again?
  • by DroopyStonx ( 683090 ) on Friday January 30, 2004 @02:14PM (#8136864)
    Considering there's a vulnerability in almost anything (and just a matter of time before someone finds it), I think at *this* point in time it is a very bad idea to make something as important as VOTING something we can do online.

    The last thing we need is a botched up election with later claims that the system was found vulnerable, etc..

    It's handy, no doubt, but maybe we should wait a bit...
  • Let the governments buy the machines, and then hack them so Mickey Mouse (or some other fictional character) wins the presidental election in a landslide. Prove beyond a doubt to even the dullest mind that these machines are flawed in ways that can not be easily fixed.
  • Why the rush? (Score:3, Insightful)

    by Le Marteau ( 206396 ) on Friday January 30, 2004 @02:15PM (#8136875) Journal
    I really don't get it. Why are people so hard for getting the frickin' election results the night of the election? What is the rush? Why not do it the old fashioned way... paper ballots, counted by hand, by a team of old ladies. So we get the results a week after the fact. So what? Again, what is the big rush? I say, chill out, and do it by hand, with paper and pencil.

    One more thing. Where are these people from, who authorized computerized voting. Have these people never used a computer before? Have they never lost their work due to a system problem? I can only assume that they don't give a damn about election integrity, and that is telling.
  • William A. Arbaugh, an assistant professor of computer science at the University of Maryland and a member of the Red Team exercise, said, "I can say with confidence that nobody looked at the system with an eye to security who understands security."

    Mr. Wertheimer said the application of security was inconsistent, with encryption applied in some places without the accompanying technology of authentication to ensure that the machines that are communicating with each other are the ones that are supposed to be
  • by pz ( 113803 ) on Friday January 30, 2004 @02:16PM (#8136900) Journal
    Whenever I hear about the latest and greatest electronic voting scheme, it gives me pause to wonder who is behind this.

    Mechanical voting machines have proved effective and relatively reliable for many, many years. I've heard the claim that the company that once manufactured them has gone out of business and that spare parts are no longer available. I say, BUNK. Given the amount of money that will undoubtedly be spent on engineering incredibly vulnerable systems which will be obsolete in a few years as compared to the previous systems which worked fine for a few decades, it would be a trivial task to have new parts designed and produced for the older machines.

    Whose boondogle is the whole idea of electronic voting?
  • by galego ( 110613 ) <jsnsotheracctNO@SPAMgmail.com> on Friday January 30, 2004 @02:18PM (#8136919)
    But here's a review done my Univ. of Maryland's HCIL group (Human Computer Interface Labs). They presented their review at a symposium and it wasn't all that great ... anyway here's a pdf if anyone's interested. Had some major interface issues according to the presentation.

    http://www.capc.umd.edu/rpts/MD_EVoteEval.pdf [umd.edu]

  • It looks like... (Score:3, Informative)

    by rickyjd19 ( 719538 ) on Friday January 30, 2004 @02:20PM (#8136932)
    ...we will never have the perfect voting system. If these electronic voting systems prove to be worse than the infamous punch-card ballots (which is what people seem to be suggesting) then electronic voting may have defeated its purpose. Maybe we should stick to the kind of ballots we have where I live in Iowa: you mark the ballot with a marker, and it gets read by computer, much like standardized tests do. It's reasonably accurate and can be counted by hand if needed, and is not so prone to hacking. P.S. - sorry if I submitted an empty comment earlier - my mistake
  • by praedor ( 218403 ) on Friday January 30, 2004 @02:23PM (#8136964) Homepage

    hacking into the voting computers. It's the insiders with an agenda that I am concerned about. The ONLY way to get around this is with a voter-verifiable paper trail AND taking the vote counting away from corporations that create the machines and putting the counting where it belongs: citizen groups.


    Diebold and ALL the other commercial vote machine vendors are heavy Republican donors and, particularly in the case of Diebold, run by individuals devoted to getting Republicans elected and Bush elected (I can't say "re-elected" as he didn't get elected in the first place). THESE criminals have the means and motive to taint the vote...in secret! They are in control of the machines and the vote tallies. They cannot be trusted, given how openly partisan they are.


    It is NOT the random outside hacker we need to worry about that much (sure, protect against it), it is the machine makers and vote counters themselves that have to be protected against. Ask yourself this: Why is it that EVERY vendor of voting machines are so adamantly opposed to any paper trail possibility? Why are they so strenous in their arguments against it? Because it would queer their ability to tamper with the vote tallies.


    Voter-verifiable paper trail. It's the only way to be sure.

  • by zoloto ( 586738 ) on Friday January 30, 2004 @02:38PM (#8137149)
    I certianly don't feel safer about amazon.com
    "You are more secure buying a book from Amazon than you are uploading your results to a Diebold server," said Wertheimer, recommending several changes to increase security.


    I mean, we remember what happened a while back right? If I recall there were a number of security related risks regarding customer information... or did they release that information on a voluenteer basis?
  • might do good. (Score:5, Interesting)

    by supernova87a ( 532540 ) <kepler1@hotmail.OPENBSDcom minus bsd> on Friday January 30, 2004 @02:39PM (#8137159)
    who knows? It might just take a result of "George Bush: 99.9%, xyz 33.5%, 105% of precincts reporting, 803 million registered voteres" for people to wake up and realize that there is a problem here.
  • by John Murdoch ( 102085 ) on Friday January 30, 2004 @02:49PM (#8137296) Homepage Journal

    Would you like to steal an election? Here's a quick survey of how to do it. I'm absolutely serious: I've been involved in political campaigns for years, and have held elected public office. And one of the reasons I'm no longer actively involved in party politics (per se) is that I caught one of my committee people doing some of the shenanigans I mention below.

    First--don't waste your time trying to cheat inside the polling place.
    You would think the obvious place to steal votes would be in the voting booth, right? After all, bank robbers rob banks--so election crooks would gravitate toward polling places. Right?

    Wrong. The place to steal elections is in absentee ballots.

    Absentee ballots: the mother lode of vote fraud
    Let's suppose that you learn that you've been scheduled for a trip out of state that will keep you from voting. You can call your county courthouse and ask for an absentee ballot application. They'll send you a form, which you fill out and return, and then you'll get an absentee ballot in the mail. You fill out the ballot and send it back to the courthouse by the due date--congratulations! You have voted absentee, and your vote has made the nation stronger. In a perfect world, that's how absentee ballots are supposed to work.

    Over the past twenty or twenty-five years the absentee ballot process has, um, changed. In a blowout absentee ballots are meaningless--but in a closely-contested race a handful of absentee ballots can be the difference between a "moral" victory and the real thing. (As a college student I functioned as an "absentee ballot captain"--identifying college students in the Philadelphia area who lived in the 10th congressional district in Illinois. I got them registered to vote at home, and made sure they voted absentee. I put in scores of hours of work--and turned in something like a dozen votes. In 1978 we lost the election by 6 votes--in a special election in 1979 we won by something like 120.) As the value of absentee ballots has become more apparent, people have started to cheat. (The rules for absentee ballots, and the opportunity to cheat, really expanded dramatically with the "Motor Voter" bills that got jammed through state legislatures in the early 1990s.)

    How to steal absentee ballots
    The simplest way to steal absentee votes is to work your way through nursing homes. The ideal method is to have a dedicated party worker who is a resident of the nursing home--but you can also send in a "volunteer." Nursing homes love volunteers who come to visit--so it's easy to plant somebody. However you do it, your party worker announces that she (or he) wants to help everybody participate in the election. Nothing wrong with that, right? So she distributes voter registration cards (perhaps with your party already checked), and promises to make sure that all the cards get turned in to the courthouse. When election time rolls around, she points out that senior citizens can get absentee ballots without question, and without anything like a doctor's note. All you have to do is ask. So Helpful Sally signs up everybody for absentee ballots. And since the absentee ballot is a bit confusing, Helpful Sally helps everybody fill out their ballot. As a general rule, Helpful Sally is going to get in trouble if she tries to buffalo people into voting for her candidate for governor--but practically nobody knows the names and/or positions of candidates for judge, for district magistrate, for local races--even for state legislative positions. All Helpful Sally has to do is say, "if you don't know the candidates, just leave the ballot blank." Oh, how helpful Sally really is. And to be really helpful, Helpful Sally offers to save the voter the cost of the stamp: she'll take the ballot to the courthouse herself, so your vote won't get lost in the mail.

    Once the ballot is done, Helpful Sally can do two things. If the voter picked the wrong office, Helpful Sally can simply "lose" the ballot. Unless the senior citiz

    • Oregon voting (Score:3, Informative)

      by gblues ( 90260 )
      Actually, voters in Oregon are required to sign the envelope before they put it in the mail. While it's not foolproof, it's obvious if every ballot has been signed by the same person.

      Nathan
  • by RadioSilence ( 664537 ) on Friday January 30, 2004 @02:55PM (#8137363)
    Maybe instead of putting fully networked machines in front of the voter, we should look at this a different way:

    1) Start with each machine being configured to run stand-alone.
    2) The voter places their votes, and is issued a paper reciept containing who you voted for, and what booth you used (perhaps a machine readable only side to give to the attendant, and a human readable side that you keep, for privacy) with their entries encoded into a bar code of sorts, as well as being recorded locally.
    3) They bring the reciept to the person administrating the voting at that location, who takes their reciept and runs it though a reader which tabulates the votes for the whole voting session.

    In the end those results are tallied against the individual voting booths, and as well as having a paper trail to fall back on, and it prevents someone in the booth from being able to do any more damage than corrupt whatever was done on their machine. And if the attendant tries anything with his machine, the count between the different booths will also be thrown off, and it would be very difficult (never say impossible) to destroy reciepts for one specific person because of the encoding.

    Throw strong encryption and a minimal and hardened OS into the mix, and it might actually be reliable.
  • democracy inaction (Score:4, Interesting)

    by frankie ( 91710 ) on Friday January 30, 2004 @02:57PM (#8137398) Journal
    As a Maryland resident, I've tried to do my part. I contacted my elected officials [mdelect.net] and warned them about Diebold. I sent another round of faxes and emails after we learned that Diebold planned to gouge us "out the yin-yang" [google.com] if we wanted verified voting. Final results: a couple form letter replies amounting to diddly squat.

    The most frustrating part is that my county already had perfectly good voting machines: paper-based scantron-type forms where you mark the appropriate rectangle and a simple scanner tabulates the results. Effective, verifiable, well-understood, and relatively inexpensive. In other words, the complete opposite of what the state just bought for us.

    --
    Approve Approval Voting Now! [geocities.com]
  • by annielaurie ( 257735 ) <<annekmadison> <at> <hotmail.com>> on Friday January 30, 2004 @03:02PM (#8137446) Journal
    As a longtime Maryland voter, in my observations this situation has far outstripped the technical problems with the Diebold systems. The problems have been well documented--from the issues in California, to testimony of various experts before our own state legislature, and now another group of experts. We've had secret e-mails exposed, we've had experts from Johns Hopkins (Maryland's academic Holy of Holies), and ample warnings from all manner of well qualified individuals. Now people from the NSA (Maryland's second governmental Holy of Holies, next after Social Security) have weighed in.

    What does all this tell us? Well, I think anybody with a modicum of sense can see that the Diebold system is badly flawed. The Baltimore Sun has spelled it out in words that even non-technical people can understand.

    What we have here is an elections board made up of political hacks, all trying to cover their individual and collective arses so they can continue to feed at the government trough. They made an ill-considered and ill-advised purchase of these machines, and they'll stop at nothing to excuse themselves and to see that we're forced to vote under the ridiculous circumstances they've imposed on us. Trying to make logical sense of what they say is an exercise in futility.

    Didn't somebody once say that the OSI model had an eighth layer--the political layer? Well, fellow Marylanders and assorted interested parties, that's where we're functioning now. The merits (and lack of merits) of the Diebold system are a moot point, and I fully expect to be voting on one in November.

    I have to echo a question asked by someone else: What is/was wrong with the voting machines we used for so many years?

    Anne

  • by ucsckevin ( 176383 ) on Friday January 30, 2004 @05:02PM (#8138549) Homepage
    The problem with paper voting wasn't the counting system, but the innacurate/non standardized methods of presenting the cadidates, and making people put a hole through a piece of paper paper. Instead, let voters select their candidates on screen, have the ballot be printed (maybe with a barcode!) and have them hand it in to the moderators. It solves the problem of clarity/standardization, and you're not doing electronic tabulation.
  • NPR - Better link (Score:3, Interesting)

    by eclectic4 ( 665330 ) on Friday January 30, 2004 @05:17PM (#8138665)
    Electronic voting is ill-fated on many levels. If you have the time please, PLEASE listen to "The Annoying Gap Between Theory and Practice" audio found here [thislife.org]. Just do a search for "The Annoying Gap Between Theory and Practice" in the search window in the left column. It fills many gaps as far as understanding the fundamental "problems" with e-voting, and it's quite an eye opener. Good luck.
  • what if... (Score:3, Interesting)

    by Sebastopol ( 189276 ) on Friday January 30, 2004 @08:30PM (#8140490) Homepage
    i read many of the posts here about disrupting the process, or tampering with votes between submission and counting.

    my question is: suppose someone DOES manage to wipe out or tamper a bunch of votes, and the volunteers realize it. would the county actually admit they just lost 10,000, 20k, 30k votes by accident? there's no way you could sue the county, so all these folks would be denied their constitutional rights with no way for recourse.

    in the neon of agrajag:

    be afraid, be very afraid...

"You know, we've won awards for this crap." -- David Letterman

Working...