Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
The Courts Government News Politics

California Sues E-Voting Vendor ES&S 185

Gustoman writes with news that the California Secretary of State has sued ES&S, a vendor of e-voting machines, for selling machines that were modifications of the model that has been certified. Apparently ES&S relocated two circuit boards, rerouted several internal cables, and changed some mounting bracket supports in their AutoMark A100 devices, named the modified version AutoMark A200, and sold 972 of them to five California counties. The changes sound somewhat trivial, but the certification contract specified that no "substitution or modification of the voting systems shall be made with respect to any component of the voting systems... until the secretary of state has been notified in writing and has determined that the proposed change or modification does not impair the accuracy and efficiency of the voting systems sufficient to require a reexamination and approval." The state is seeking a penalty of $10,000 per machine sold, plus the cost of the machines to the counties — almost $15 million in all.
This discussion has been archived. No new comments can be posted.

California Sues E-Voting Vendor ES&S

Comments Filter:
  • Could they go bankrupt and we won't see any more voting machines?
    • Re:Any hope? (Score:5, Insightful)

      by deniable ( 76198 ) on Wednesday November 21, 2007 @03:45AM (#21432373)
      I was thinking the same thing. The problem is you can raise the bar high enough that corruption becomes viable for both sides. This case will hopefully make the chuckle-heads behind the voting machines realize that they need to be building bulletproof systems and not barely good-enough consumer goods. Think embedded system rather than an MS Access 'solution.'
    • Re:Any hope? (Score:5, Insightful)

      by Slashidiot ( 1179447 ) on Wednesday November 21, 2007 @05:54AM (#21432953) Journal
      For me, it has always been surprising that you americans have all these problems with voting machines. Voting is a simple enough proccess, why would anybody need a machine to do it?

      I think it's always better to do it the traditional way, you go there with your ballot and put it on a clear box, after somebody has checked that you are who you say you are, and that you are supposed to vote. Painfully simple, completely fool-proof. It takes a bit more people to do it, but it's just as being in a jury.

      I see absolutely no downside about doing it the traditional way. Is there any reason to do it with machines in america, or you do it that way just because it's cooler?
      • Re:Any hope? (Score:4, Insightful)

        by hazem ( 472289 ) on Wednesday November 21, 2007 @06:59AM (#21433205) Journal
        The answer to your question is in your post.

        It's true that voting is simple process. Rigging a vote, however, is not as simple; and printing ballots does not have as high a profit margin as selling a voting machine.

        The reasons for the machines and the reasons for the non-traditional way are: to make more money for friends (and campaign contributors) of politicians and to facilitate getting the desired (and paid for) result from an election.

        It has nothing to do with the intelligence or lack thereof in the American voting populace.
        • Re: (Score:2, Interesting)

          by rucs_hack ( 784150 )
          what an intriguing mix of insight and paranoid nonsense.

          Voting machines do not exist for people to buy elections. They exist because it monetizes the election process, allowing people to get wealthy by controlling a process that is required in a democracy.

          The problem is that it's potentially so lucrative, that these guys are rushing into the process, talking up security, trustworthiness and stability, whilst simultaneously ignoring those same things in the interest of gaining the mighty buck, and the mighti
          • Re:Any hope? (Score:4, Insightful)

            by ArsenneLupin ( 766289 ) on Wednesday November 21, 2007 @09:19AM (#21433775)

            You can't spend much money in jail, and they'd go away for a very long time.
            They won't be doing that much time for a failed attempt at fixing the election. And, as has been shown in Florida, and 4 years later in Ohio, they will do no time for a successful attempt.

            Think about it.

          • Re: (Score:3, Interesting)

            by Cro Magnon ( 467622 )

            You can't spend much money in jail, and they'd go away for a very long time.


            To quote Aladdin in the Disney movie, "You're only in trouble if you get caught". Like most criminals, they don't expect to get caught.
        • Printing ballots has a much higher profit than selling voting machines. If you sell a voting machine, you make a bunch of money, right off, but there's R and D, manufacturing costs, etc.

          Printing has a real margin, and the revenue keeps recurring.

          The most profitable thing IBM ever made, up until the IBM PC, was their PUNCH CARD.

          I think support for the machines might generate enough recurring revenue to beat the paper, but the machines themselves are probably not as good a way of taking money from a governme
      • by batkiwi ( 137781 )
        That "system" also makes:
        -corruption/subversion trivial
        -counting error prone
        -counting OFTEN up to human judgement, which is never unbiased (hanging chad, etc)

        Great one, there.
        • Oh, good points! So that's why all elections have been failing in the civilised world! Yes, yes, I can see it now, every election in Europe was bought by the largest party, just because they could, it being so trivial!

          Or you could have been following the discussion and reading up on the reality of voting and how that works without machines, you would have known that it isn't all as easy and trivial as you like.

          Just a couple of pointers to help you on your way: paper trail, possibility of recount, multiple p
          • Re:Quite right. (Score:4, Informative)

            by AvitarX ( 172628 ) <me&brandywinehundred,org> on Wednesday November 21, 2007 @09:50AM (#21434025) Journal
            In Europe minority votes count for something and you have more than 2 credible parties. That makes rigging an election far less valuable.

            In the US just a few thousand votes in a key are brings your party from a lot of control (president) to very little (Democrats in the Senate and House can't get shit done).

            With razor thin margins and 49% of the vote counting for nothing it is possible to subtly change the votes and drastically alter the political landscape.

            In 2000 Florida was withing 1/100th of 1% (0.01%) and would have made Gore the president. I doubt there is many places in the rest of the world where so few people in such a small area could cause such a dramatic shift. This makes the risk/reward analysis in the US much different than other places with your minority reresentation and 3+ parties.
            • Re: (Score:3, Interesting)

              by Dirtside ( 91468 )

              In Europe minority votes count for something and you have more than 2 credible parties

              As a U.S. citizen, I'd be happy with more than zero credible parties.
        • by QuantumG ( 50515 )

          counting OFTEN up to human judgement, which is never unbiased (hanging chad, etc)
          hanging chad? Did you miss the whole freakin' point of the discussion or what?

          The rest of the democratic world doesn't have chads. We don't punch cards.

          • Re: (Score:3, Informative)

            Does the rest of the democratic world have ballots that can be up two 8.5x14 pages thick?

            The November 2006 California Gubernatorial election had seven statewide offices and twelve ballot propositions (Californians can enact laws through ballot propositions). This was just the statewide offices - it doesn't count any local offices, initiatives or municipal boards. And this was a small one. The California Presidential primary election in February, 2008 has seven state-wide propositions, with thirty two more i

            • Re: (Score:3, Interesting)

              by bjorniac ( 836863 )
              No. We elect a government and all the other ballots can go some other time. Why not have a presidential ballot that you do first, on paper, and then a machine in the next room for all the less important (ie local ordinances etc) stuff?
      • by l2718 ( 514756 ) on Wednesday November 21, 2007 @07:36AM (#21433343)

        I see absolutely no downside about doing it the traditional way. Is there any reason to do it with machines in america, or you do it that way just because it's cooler?

        The US, being an enormous country, has a many levels of government. Unlike many other countries, it runs all elections for all levels of government on a fixed date (some Tuesday in November), rather than spreading them around the year. Of course, not every position is up for election every year, but still this means that the "ballot" contains tens if not hundreds of separate elections, ranging all the way from the US President to the county water board and the town mayor, not to mention multiple "ballot initiative" (direct legislation). Each election (especially president, governor etc) can feature tens of candidates (most of them irrelevant). Printed ballots are thick booklets; both filling them correctly and manually reading them is a non-trivial operation. Also, manually tallying the votes in these hundreds of elections takes a lot of time.

        This is not to say that this was not done manually in the past, but certainly using computers greatly simplifies the process. I think the best solution is to use computers to generate the ballot, but only use computer counts provisionally. That is, the voter will step up to a computer and will make selections, after which the computer will print a filled ballot that can be optically scanned. The computer will also tally the votes giving a quick result for most of the races. Nevertheless, the printed ballots should be considered the official votes, the ones to be used if a recount is necessary. In important races (President, Governor) it's probably better to automatically count the printed ballots and only use the computer counts for provisional results. Note that this also allows for people to manaually fill their ballots if they feel like it.

        • I have voted in two states (in different elections, although disturbingly there doesn't seem to be an effective mechanism in place to prevent simultaneous), and in both the ballot was a single, sometimes double-sided piece of large card-stock. Bigger than legal-sized paper, but certainly not so big as a booklet.

          I agree with your second paragraph, except I don't want to waste time and money on electronic voting for everybody. It should be a couple of machines for people with special needs. I can wipe a ma
        • by Splab ( 574204 )
          So you turned to computers to fix a problem that shouldn't exists in the first place? We also got multiple elections here, not to the granularity of the US but we still manage, how? We hold the elections spread out over the year, makes everything less confusing for the voter so the votes end up in the right place.
      • Re: (Score:3, Informative)

        Comment removed based on user account deletion
        • Re: (Score:3, Insightful)

          by stiggle ( 649614 )
          Why do you need instant reporting though?
          The posts being voted on don't change for a few weeks after the elections, so its not as if you need an instant tally.

          Votes should NOT be counted until the final polling stations have closed, otherwise the results from one station could affect the results in another. This could be a problem with the USA as it has multiple timezones, but they could just do their exit polls and then count the votes the following day and get the results in a reasonable civilised manner
        • I think "instant reports before the voting is completely over" should be an illegal practice. Exit polls are one thing, but publishing "official" vote results before everyone has finished voting? That doesn't strike me as productive to the democratic process.

          =Smidge=
          • by Splab ( 574204 )
            Exit polls suck!!!!!!!! (+thousands of ! more)

            We just went through an election, one of the national medias decided to make a prediction using exit polls and first 4000 counted votes (all voting places were closed). "If this holds this will turn out to be a major landslide". I had to find something else to do at that point :)
            (No it didn't end up with any kind of slides, just the slightly above 50% on one side)
            • It is precicely BECAUSE exit polls suck that they are unlikely to influence the election. Also, if polls are closed throughout then that's not a problem either IMHO.

              The problem is when you start announcing a "winner" before everyone has voted, which may disenfranchize people who would otherwise have voted for the "losing" candidate.
              =Smidge=
      • by Atario ( 673917 )
        You'll have to forgive our desperate, gun-shy search for an alternative to paper ballots; you see, back in 2000, we had this problem [wikipedia.org] with them [wikipedia.org], and, well, we wound up kinda screwed... [wikipedia.org]
        • by Splab ( 574204 )
          Holy crap! How can anyone figure out whats supposed to happen with that butterfly ballot?

          Here in Denmark you get a ballot thats a mile long and you put a mark at the line where you want to vote. (Multiple ballots when voting for more than one thing)
        • But that's still a solution looking for a problem.

          Paper Ballots != punchcard ballots.

          While supporters of paper ballots will probably argue as to the exact details (Pen! Pencil! Marker!), the fact is it's trivial today to print out scannable ballots, anybody who's attended school past elementory should be familiar with them, recounting is easy in multiple fashions, and they're far more cost effective - professionally printed paper ballots should cost less than ten cents each. You'd have to feed five thousan
      • See, here we don't actually CHECK (by law) if you're a citizen or not, when you register to vote. When you sign up for your drivers license - citizen or not - you're given the opportunity to register to vote, so anyone with a US driver's license (which only requires proof of address and identification - a credit card and a cell phone bill will suffice for those two items) can register to vote.

        And in fact, by LAW we're prohibited from even checking to see if you are who you say you are when you go to the

      • by roystgnr ( 4015 ) *
        Voting is a simple enough proccess, why would anybody need a machine to do it?

        Voting is an irrational process from a selfish perspective - the sum of the probabilities of me changing an election times the magnitude of the effect each election has on my own life is negligible even compared to the inconvenience of waiting in line to vote.

        So when people do vote anyway, it's for some combination of:
        a. irrationality,
        b. zealotry,
        c. entertainment,
        d. altruism

        People in category d are too rare to decide elections (al
  • Different Enough (Score:5, Insightful)

    by Tsuki_yomi ( 642789 ) on Wednesday November 21, 2007 @03:43AM (#21432361)
    If they are different enough for the company to give them a new model number, they are different enough to need recertification.
    • Re: (Score:2, Insightful)

      by mrbluze ( 1034940 )

      If they are different enough for the company to give them a new model number, they are different enough to need recertification.
      And with widespread public suspicion on e-voting, the gov't will want to be seen to be doing the right thing.
    • Re:Different Enough (Score:5, Interesting)

      by leuk_he ( 194174 ) on Wednesday November 21, 2007 @05:15AM (#21432795) Homepage Journal
      If they did not change the version number nobody might have noticed. Even not it it was sold with a buildin trojan. What does that say about voting with computers?
  • I could understand Cal's concern if different IC's were used, or if code was re-flashed. But if the two machines had the same circuit diagram, same components, and code, this penalty seems zealous. I live in California, and it's painful to see bureaucratic zealots nominally on my side, but being far from reasonable. This particular error on the part of the voting machine company appears to be on the level of a failure to file necessary paperwork.
    • by king-manic ( 409855 ) on Wednesday November 21, 2007 @03:50AM (#21432401)

      I could understand Cal's concern if different IC's were used, or if code was re-flashed. But if the two machines had the same circuit diagram, same components, and code, this penalty seems zealous. I live in California, and it's painful to see bureaucratic zealots nominally on my side, but being far from reasonable. This particular error on the part of the voting machine company appears to be on the level of a failure to file necessary paperwork.
      The contract didn't say "penalties only if re-flashed", instead it mentions any modifications needs to eb examined and approved. If you signed that contract you must be an idiot to do this substitution. You have to be strict or else you have more "diebolds". Any and all changes must be examined. All penalties assessed would be based on contract law. Paperwork is how a legalist society is run. It's not like jumping through hoops is new to government contractors.
      • Re: (Score:3, Insightful)

        by bobdotorg ( 598873 )
        I could understand Cal's concern if different IC's were used, or if code was re-flashed. But if the two machines had the same circuit diagram, same components, and code, this penalty seems zealous. I live in California, and it's painful to see bureaucratic zealots nominally on my side, but being far from reasonable. This particular error on the part of the voting machine company appears to be on the level of a failure to file necessary paperwork.

        The contract didn't say "penalties only if re-flashed", instea
        • by Antique Geekmeister ( 740220 ) on Wednesday November 21, 2007 @04:56AM (#21432719)
          I see your point, but this is one of the reasons "mil-spec" parts cost so much. You get what you ordered, not what some vendor decided you might like instead. And those small differences add up. Cable locatons affect air flow and thus cooling. A very minor component change, such as a minor network chipset change, can swap network ports. And failing to notify the customer of the change is a very, very bad practice, especially in a sensitive system, because when a technician opens it up and two otherwise identical systems with the same model number don't match, foul play is going to be suspected.
        • by hidden ( 135234 ) on Wednesday November 21, 2007 @05:06AM (#21432753)
          I hate to tell you, but a change in the color of a key could be important. What if that change made the key unreadable to color-blind people? Or reduced the contrast so it was harder for a partially-blind person to read? These details can be important when you're dealing with something like a voting machine. Sure, maybe my scenarios don't seem likely, but they are possible, and thats why the government wants the chance to make the call, not the voting machine company. Notice that (at least the way I read this) the government of California isn't asking to re-certify trivial changes, they're merely asking to be notified of any change (no matter how minor) so that the government of California decides what is trivial, not the vendor.
          • I hate to tell you, but a change in the color of a key could be important. What if that change made the key unreadable to color-blind people? Or reduced the contrast so it was harder for a partially-blind person to read? These details can be important when you're dealing with something like a voting machine. Sure, maybe my scenarios don't seem likely, but they are possible, and thats why the government wants the chance to make the call, not the voting machine company. Notice that (at least the way I read th

        • You're probably not aware of this, but one of the early prototypes of an accessible voting system told the user (via audio), "Press the Red button to select this candidate. Press the green button to hear the next candidate."

          With that kind of history from some of the vendors (that was not an ES&S product), it's easy to see why the legislation would get nit-picky.

          Tim
    • by deniable ( 76198 ) on Wednesday November 21, 2007 @03:52AM (#21432409)
      Do you want your vote counted by people who can't read a contract? We used to have client documentation requirements of two ring binders for some and three ring binders for others. If we did it wrong, we would have lost 10% of the payment for a 20 million dollar machine. You bet the requirements were checked and double checked.

      This case also serves as a warning that California will not take any crap from the vendors. It may prevent any further 'mistakes.'
      • > Do you want your vote counted by people who can't read a contract?

        Don't be silly! The don't have to know how to count. They only need to write code.
      • Sure the company ultimately didn't follow the terms of the certification in the eyes of the California Secretary of state but was it because they "can't read a contract" or because the conditions in the certification was left open to interpretation? There is a legal interpretation of the certification that says "One condition of that certification, according to her office, was that no "substitution or modification of the voting systems shall be made with respect to any component of the voting systems" (from
        • Re: (Score:3, Informative)

          But the story gives the rest of the clause:

          ...until the secretary of state has been notified in writing and has determined that the proposed change or modification does not impair the accuracy and efficiency of the voting systems sufficient to require a reexamination and approval...

          So all they had to do was write to the secretary of state, explain that they had just moved a few things around, and wait for confirmation that the secretary agrees that the changes don't require reexamination. That's a pret
          • by mpe ( 36238 )
            I've done a bit of work on mil-spec hardware in the past and even as an engineer intern I was fully aware that every resistor and capacitor on the circuit board was made to a specification and couldn't be changed without notification.

            Presumably to allow a non engineer to check using a photograph.
            • Presumably to allow a non engineer to check using a photograph.

              More than that. Military hardware is frequently built to survive conditions not experienced by consumer machines. Something as 'simple' as moving a cable could be the difference between the part survive an EMP blast and still be operational and frying instantly.

              Rather than assuming an operating temperature range of 40-100F, it might have to survive -30 to 190F.

              Substituting a non-shielded cable for a shielded cable, even where civilian specs ca
          • So all they had to do was write to the secretary of state, explain that they had just moved a few things around, and wait for confirmation that the secretary agrees that the changes don't require reexamination. That's a pretty standard thing to have to do for any company that makes things for government or military. It doesn't matter if it's the component layout, colour, font on the front panel legends - if it's changed then you notify the changes. It's absolutely amateur and shows a total lack of understa

      • Exactly. The changes they make aren't necessarily the issue, it's the fact that they made the changes in the first place and couldn't be bothered to read or follow the contract.

        A good example might be the infamous Van Halen incident where the band did thousands of dollars to a venue after they were given brown M&Ms. The band's rider stated that M&Ms were to be provided but buried deep withing the technical paragraphs was a line stipulating that brown coloured M&Ms were to be removed. Obviously t
      • by mpe ( 36238 )
        Do you want your vote counted by people who can't read a contract? We used to have client documentation requirements of two ring binders for some and three ring binders for others. If we did it wrong, we would have lost 10% of the payment for a 20 million dollar machine. You bet the requirements were checked and double checked.

        How much could it have cost you if you had messed up, been taken to court and the judge had taken the position "If the defendent can't even get that simple thing right what else mig
      • by roystgnr ( 4015 ) *
        This case also serves as a warning that California will not take any crap from the vendors.

        I'd say it serves as a warning that the only way California can detect vendors' crap is by noticing new model numbers and obvious visible physical changes to certified software. The only way they can even hope to detect invisible changes to certified software is with a chain of trust which has again been proven to be missing most of its links.

        It may prevent any further 'mistakes.'

        It may discourage any further mistake
    • by Anonymous Coward
      Sometimes simple modifications substantially weaken security. The relocated circuit boards could make it easier to swap chips, or make targeted DoS attacks which can easily alter elections easier to effect. It's well know that most election districts have a history of voting for candidates of a certain party. If you knock a bunch of machines offline in just a few of the ones for the opponent, you can cause the lines to be long enough fewer people will vote, and unless it would be a landslide, the electio
      • by iamacat ( 583406 )
        You are extremely naive if you think the state did this level of testing. Most probably the boss just cast 5 ballots, verified the results manually and declared that the machine works correctly. Even if they did honest testing at the usual government's level of sophistication, it was not anything that would be changed by rearranging boards.
        • Re: (Score:3, Informative)

          by iluvcapra ( 782887 )
          California's testing and qualification of voting machines -- this time around, at least -- was quite formidable [sfgate.com], including tiger teams to hack the machines. The report from the testers was the reason they all got sent back in the first place.
    • by seanadams.com ( 463190 ) * on Wednesday November 21, 2007 @04:07AM (#21432489) Homepage
      Really? Where shall we draw the line then?

      There is surely enough electronics in these machines that it would be trivial to conceal a circuit that changes its behavior depending on how various circuit boards are physically mounted in a chassis, even when all the connections appear visually equivalent.

      Without visibility of the source code, we have no idea what it's doing under normal circumstances, much less when bits inside of it as physically rearranged. Hell, even with full schematics and source code, things could be easily hidden in production units. No matter what we do, we're taking their word for it.

      Get rid of the machines.
      • Re: (Score:2, Funny)

        by Bartab ( 233395 )
        Better idea: Get rid of the secrecy. As in secret ballots.

        Once my vote is posted by my name, I can verify it. I can also vote from my laptop - or better yet, my cellphone.

        So what if I can sell my vote? I've got no issue with that. Legalize and formalize the process.
        • Re: (Score:3, Insightful)

          It sounds a good thing to sell your vote, but you might soon notice that the price of your vote might simply be not losing your job at the first election, not being jailed at the second, and not being killed at the third (and you would have personnaly voted for each of these steps, so it will be perfectly legal).
    • by MLease ( 652529 )

      This particular error on the part of the voting machine company appears to be on the level of a failure to file necessary paperwork.

      Perhaps. However, when the issue is something as sensitive as voting machines, with all of the distrust of them we've seen and experienced (for good reason), it is imperative that everyone follow the letter of the contract and the law. As others have pointed out, with closed source software, it would be trivial to encode a backdoor or cheat function which would be enabled by

      • If I was a voting machine vendor, and I wanted to hide a hack, er... miss an accidental bug, in the original hardware, I would just have a ground point that enabled the alternate code. Then the only modification needed would be to leave off an insulating washer. Far less than the modifications done to this machine.
    • In high assurance systems, be it equipment on an aircraft (that has obvious life or death impact) or equipment for voting (that has indirect, but just as serious consequences), any change has to be certified.

      There are lots of ways a seemingly ineffectual change can cause unforeseen consequences, so it's not up to the person making the changes to decide what is and isn't a 'trivial' change. Even if the changes can now be proven to be trivial and no danger to proper operation, this is still the right
    • by mpe ( 36238 )
      I could understand Cal's concern if different IC's were used, or if code was re-flashed. But if the two machines had the same circuit diagram, same components, and code,

      In which case the onus is on the supplier to prove that there has been no change, regardless of the model number being changed. Even if the difference indicates some trivial change, e.g. colour of the casing, then it's up to the supplier to explain this and get the customer's approval for the subsitution.

      This particular error on the part
    • The law is the law, and no modifications means no modifications. This is a voting machine, not some office computer -- any change might have consequences in terms of accuracy, or the ability of a third party to manipulate the vote. What if the rearrangement makes it easier for me to hack the machine, because it puts the motherboard in a position that is easier for my to connect my palmtop to? I'm sure that is a far-fetched situation, but we can't allow that kind of scenario to go unchecked when it comes
    • This is California. With their budget situation, do you think they'd EVER pass up an opportunity to grab money?
    • by necro81 ( 917438 )

      But if the two machines had the same circuit diagram, same components, and code, this penalty seems zealous.

      ES&S thought the changes were substantial enough to give the resulting device a new name (A200 instead of A100). Did they give it a new price, too? Plus, they didn't go through the motions to have someone verify that the same code was, in fact, used. Despite their claims, without having an independent tester do that verification, who knows what they flashed on there.

  • by Chris Snook ( 872473 ) on Wednesday November 21, 2007 @03:47AM (#21432383)
    a) They didn't think it was that big of a deal.

    b) They forgot.

    The actual error isn't terribly worrying, but the process failure that led to the breach of their contract, especially for something that could have been complied with quite easily, is not the sort of thing you want to see going on at a company that makes closed source voting machines.
    • by jimicus ( 737525 )
      The actual error isn't terribly worrying, but the process failure that led to the breach of their contract, especially for something that could have been complied with quite easily, is not the sort of thing you want to see going on at a company that makes closed source voting machines.

      It's not the sort of thing you want to see going on with ANY company which provides closed-source solutions - either software, hardware or a combination of the two.

      Now what would happen if a medical equipment manufacturer trie
    • by simong ( 32944 )
      If either is the case then they deserve every penny of the fine, and should be banned from providing hardware or software to any voting system anywhere. In their business there is no excuse for mistakes or oversight. If something is changed there should be a process of documenting that change, accepting the change and, most importantly in this case, validating that change and getting it certified by the controlling bodies. There should be a procedure for that, all written down and set into motion as soon as
    • The actual error isn't terribly worrying, but the process failure that led to the breach of their contract, especially for something that could have been complied with quite easily, is not the sort of thing you want to see going on at a company that makes closed source voting machines.

      Indeed. Changing the position of a bracket and whatnot is a pretty minor design tweak. OTOH, this is a voting machine, and it seems so fundamentally obvious that every employee at every level should have been indoctrinated w

  • by TheBearBear ( 1103771 ) on Wednesday November 21, 2007 @03:53AM (#21432419)
    SOME LINES FROM THE ARTICLE...

    Does relocating two circuit boards, rerouting several internal cables and changing some mounting bracket supports mean an e-voting device must be recertified to meet state e-voting requirements?

    The company also contended that the changes to the AutoMark A100 were so minor that ES&S was not required to submit them for review.

    The only changes made to the devices were minor engineering modifications, according to ES&S.


    Let me answer the question at the beginning of the article with a resounding YES!!!!!!!!!! YES YES YES! What if the software was written to act differently (cheat) if a bolt was in a certain place, if the color of some paint was different, or if something else was a cetain height? A company can just say "these are just minor changes that has nothing to do with the operation". You see, the contract was written to cover things like this. I am not saying the company had ill-intentions, but if they did violate the contract it's just stupid and - i guess if I can stretch it - a bit suspicious.
    • by deniable ( 76198 )
      Here's a fun one. If they're minor changes, why did they conspicuously change the model number? I bet that's the only reason they got caught. The contract says model 100 and no changes, but we'll give them the 200 anyway. Some official looked at the logo on the box and thought, "that's not what we ordered." If they'd called it a 100A in the small print and left the 100 on the front, they would have avoided this mess.
    • Re: (Score:2, Insightful)

      by noidentity ( 188756 )

      The company also contended that the changes to the AutoMark A100 were so minor that ES&S was not required to submit them for review.

      If they were minor enough to not be worth re-certification, the changes shouldn't have been made. When you're dealing with software that must be secure or is used in life-critical situations, you simply don't make minor modifications in the first place. Unless you're a company selling voting machines to the US.

  • by edwardpickman ( 965122 ) on Wednesday November 21, 2007 @04:37AM (#21432631)
    The new Republican only software service pack was an upgrade to improve machine performance and simplify the voting process.
    • by RuBLed ( 995686 )
      aha, so they added a cash dispenser, makes sense now...

      (*deep breath*... haaayyyy....)
  • What the hell (Score:5, Insightful)

    by MrCopilot ( 871878 ) on Wednesday November 21, 2007 @04:52AM (#21432693) Homepage Journal
    I've been seeing overly paranoid comments on SlashDot for years. What the hell is this its no big Deal crap.

    It is this simple.

    The law REQUIRES Cerification of the Voting Machine to be used/sold. ESS had the A100 certified. They are allowed to sell the A100 in CA

    ESS made a newer model the A200 and sold them uncertified to districts.

    I don't care what the changes were, You put a sticker on it that wasn't there during certification its uncertified. PERIOD. Finish engineering the damn thing before submitting it for certification.

    Let this be a lesson to the makers of these types of machines. ONLY CERTIFIED VOTING MACHINES are legal.

    Frankly, I'm disappointed with you guys for your wishy washy interpretation just because we are a bunch of engineers doesn't mean we don't have to take their side when they violate the law. Especially wjen it comes to something so vitally important to our democracy.

    I couldn't agree more with this comment from the Sec of State.
    "ES&S ignored the law over and over and over again, and it got caught," Bowen said in a statement. "California law is very clear on this issue. I am not going to stand on the sidelines and watch a voting system vendor come into this state, ignore the laws and make millions of dollars from California's taxpayers in the process."

    Thank You, that is all.

    • Re:What the hell (Score:5, Insightful)

      by dabadab ( 126782 ) on Wednesday November 21, 2007 @06:06AM (#21433005)

      Let this be a lesson to the makers of these types of machines


      No, let this be a lesson for the voters: if something as obvious as a modell with physical alterations and - for crying out loud! - a different type designation could be sold to the districts bypassing all the security measres that should have been in place preventing this, then how do you trust these exact same security procedures to catch subtle modifications of the software?
  • Not knowing the details, but:

    - there were two types
    - one was certified
    - the other was sold

    So the states bought knowingly an uncertified machine?
  • by Qem ( 889694 ) on Wednesday November 21, 2007 @05:24AM (#21432839)
    http://www.news4jax.com/politics/3890292/detail.html [news4jax.com] "The software is not geared to count more than 32,000 votes in a precinct. So what happens when it gets to 32,000 is the software starts counting backward," said Broward County Mayor Ilene Lieberman. The article says that they'd known about the problem for two years and failed to fix it. http://abcnews.go.com/US/comments?type=story&id=2646802 [go.com] Randy Wooten figured he'd get at least one vote in his bid for mayor of this town of 80 people even if it was just his own. He didn't. Now he has to decide whether to file a formal protest. http://backslash.slashdot.org/article.pl?sid=06/08/01/191235 [slashdot.org] The Open Voting Foundation's disclosure that only one switch need be flipped to allow the machine to boot from an unverified external flash drive instead of the built-in, verified EEPROM There has been tons of mishaps with those machines reported on slashdot alone... I certainly don't blame them for throwing the book at them and fining them for all their worth. It certainly sends across the message that the voting system is not to be fucked with and hopefully it can help prevent situations like the above.
  • It IS a big deal (Score:5, Insightful)

    by TheLink ( 130905 ) on Wednesday November 21, 2007 @05:38AM (#21432901) Journal
    The company obviously doesn't treat elections very seriously and should be smacked down.

    An election doesn't just have to work right, it has to be SEEN to be working right - that is PART of the "deliverables". Otherwise people may rightfully get pissed off.

    Say in an "old school voting system" you had a company in charge of transporting ballot boxes from the booths to the counting stations, and one of the trucks took a "minor detour" on the way, maybe for the convenience of the company or the employees (take a leak or buy a drink etc).

    Sure, nobody might have tampered with the stuff, but the elections get "damaged".

    How damaged who knows. The eventual losers could kick up a big fuss. You might piss off millions of voters.

    The company obviously doesn't deserve to be in the election system business.

    The USA spends so much money in Iraq on "regime change" AKA picking the leaders there, but when it comes to picking the leaders back home - "it's only a minor modification" or we'll let Diebold's rejects who wouldn't be able to make ATM machines build voting machines for us.

    • Nope. It would NOT be smacked down like in WWF.
      It would be "settled".
      The company would pay a visible compensation and an invisible large contribution to campaign funds and the matter would be closed; without the company ever admitting it did wrong.

      During 1800s many local counties had laws which prevented convicted companies from doing/establishing business in that locality.
      But then now convicted companies like Deibold http://www.heraldtribune.com/apps/pbcs.dll/article?AID=/20031217/APN/312170634 [heraldtribune.com] and Microso
  • Don't forget.... (Score:3, Insightful)

    by foniksonik ( 573572 ) on Wednesday November 21, 2007 @11:31AM (#21435307) Homepage Journal
    If CA had allowed them to do this, without bringing suit, then the CA gov would be liable if there were ANY problems - real or imaginary, which could somehow, anyhow be traced back to this discrepancy. The State Sec or State is doing the right thing both for the people and for his job security.

    A court may find that the damages are too great, who cares... he brought the suit and is now off the hook for anything that may or may not have happened come election time.

  • ES&S apparently does not have a sufficient engineering and/or QA certification system in place or they would not have pulled this expensive stunt.

    Simply relocating boards and wiring would constitute a simple modification submission to the right authorities with proof that it would NOT affect system performance in any way, shape or form. Sure, it's lot of paperwork, but consider the consequences.

    This reeks of their marketing pulling a stunt to make more money for the company.
  • They wanted the machines for free:)
  • by Catbeller ( 118204 ) on Wednesday November 21, 2007 @08:20PM (#21442201) Homepage
    Voting machines such as those ESS and Diebold sell are useless for anything but cheating... as this illustrates, you can validate code and approve the circuitry design all you like, BUT YOU DON'T KNOW WHAT IS ACTUALLY IN THE MACHINES AT GO-TIME. They can place cheat chips or upload cheat code, and by the time anyone even has an inkling beyond simple statistical obviousness -- which American media apparently can't understand -- the election is years over and we are told no one cares. Unless of course a Democrat wins; imagine the hell unleashed by FoxNews! if a single voting system may have scooted a Demo into office with some question of the system's honesty. But I digress.

    Paper trails are useless in the usual conception as well. A voter votes, and a little piece of paper comes out telling him that he voted thusly. Oh, PLEASE. Unless the paper is a card and can be manually recounted and the totals compared to the computer tally, the paper trail is worthless. Anything can be recorded, and anything can be printed. Now, if instead for security purposes the paper card receipt is kept archivally, then why the HELL have a PC acting as an agent in the first place, and simply count the paper cards? Canada uses a number 2 pencil and paper ballet, and they count the votes manually, with a rep from both or more parties observing the count-- you know, the thing that the Supreme Court here said didn't work. And they finish national elections in hours after the polls close. Faster than we do. Their method scales, you see.

    There is no reason to computerize the voting process other than cheating. None. All else is sophistry. We had working systems; they were abused by injecting doubt in Florida in 2000. The recounts work fine if the lawyers and the Supremes stay the hell out of things. None of you may recall, but in 2000, at the same time Florida was being sued and stayed to death and back, two more recounts were happening out in the western states -- manually -- and no one said a thing. Florida was made a carnival by Republicans because they wanted to instill the idea in a fantastically compliant media that recounts didn't work, that chads made things uncountable somehow, that NO RECOUNT WAS NECESSARY by any means possible. It took faked up riots in Dade by republican staffers pretending to be random thugs demanding a shutdown and a crooked Supreme Court majority -- all rightist Republicans, and I include Kennedy as he has shown his new colors since then -- to order the shutdown of the democracy hours before the recount was supposed to end. Never has the US seen a group of election officials and volunteers work so hard and so quickly to beat a crooked shutdown and what was frankly a putsch by the Republican party.

    How different the world would be now if Gore had been allowed to win. The worst. Day. Ever. In American history.

Hackers of the world, unite!

Working...