More E-Voting Software Leaks Surface 283
Christopher Soghoian writes "Sound like something you've seen before? Wired News reports that the software which runs Sequoia's AVC Edge voting machines has been accidentally placed on another company's publicly available FTP server, although this time it's the binary, rather than the source that's been leaked. Machines running this software were used in California's Riverside County for the 2000 presidential election and for last month's California gubernatorial recall election. The system also has been used in counties in Florida and Washington state."
does it really matter? (Score:4, Insightful)
Re:does it really matter? (Score:2)
Who wants their vote to be tallied by a black box? This is too complex for buerocracy crippled government oversight. We have a right to know exactly how our vote is being recorded!
Just my opinion.
Re:does it really matter? (Score:2)
This all seems a lot worse than hanging chads to me.
Re:does it really matter? (Score:2)
It is worse.
Imagine if the same fiasco happens with our current electronic voting machines.
There would be absolutely nothing to recount, and people will be even more furious because their first assumption will be a corrupt system.
What could be done to appease them? Nothing short of a re-election, which AFAIK is not even a legal option.
Actually, as long as any election remains unauditable, people will always presume that it was rigged. People even
Re:does it really matter? (Score:2)
It doesn't even take deliberate bad intentions for bad software to fsck up the democratic process.
Remember in Cryptonomicon when the lady pulling the bingo balls to form a one-time pad didn't like certain numbers, but preferred multiples of 5 so skewed the probability distribution enough that the
How it got there?!? (Score:3, Funny)
SkyNet put it there!
Re:Yes, it does matter. (Score:2)
Re:Yes, it does matter. (Score:2)
You mean, you didn't hear about the problems with some types of punch card machines until Florida 2000.
Nice of you to decide that tens of thousands of voters in Florida "shouldn't be voting". You're on the same page as Sec. State Harris.
Whatthewhata huH? (Score:2, Interesting)
Re:Whatthewhata huH? (Score:2)
Re:Whatthewhata huH? (Score:3, Insightful)
That's *exactly* why I wouldn't mind seeing the code open for public review...
Perhaps they should just take more care when designing the actual product to make sure it's bulletproof - i.e. hire really good people to write the code.
The problem here is that companies are driven by profit and hiring better people, spending more time in design, doing more testing, and even a formal translation of a formal model for proof of correctness all
Re:Whatthewhata huH? (Score:3)
Wtf? (Score:2)
And this couldn't happen in any other way? Security trough obsciourity works perfect in every way [microsoft.com], you say?
where you from? (Score:3, Interesting)
The company was NOT a USA company
Re:Whatthewhata huH? (Score:2)
Re:Whatthewhata huH? (Score:2)
All too easy. (Score:2)
Trivial:
By FTPing it TO a directory that is read/write for anonymous FTP, rather than read only or login-required.
Easy to do if a company is trying to deliver a copy of an executable to a customer and both the person doing the delivery and the person receiving it aren't on their toes, or if the person receiving it doesn't have enough sysadmin privileges to configure the FTP server and the sysadmin who does isn't cooperative or available.
No
Open Source (Score:3, Interesting)
Code shouldn't be important! (Score:5, Insightful)
Also, why isn't the federal government coming out with a standard software framework for voting?
This seems obvious to me, at least.
Not that I trust my government to be the best coders, but heck... get the DOD on it. They are pretty good at these problem domains.
Maybe they'd run it off of source forge....
-hampton2600.
From the designers of the DMV..... (Score:3, Funny)
Bullshit. Libraries. F-15s. Interstate Highways. (Score:5, Insightful)
Blah blah -- the government boondoggle meme strikes again. Yes, it has its roots in some truths, and that's why it exists. But...
The problem is, there are in fact examples of government programs and agencies working and working well. Our, poor, terribly innefficient government programs are responsible for creating the world's best military. My locality might be an exception, but we've got incredible public library resources that I'm so happy with I'm *glad* when I get library fines. The Interstate Highway system makes cross country travel effecient and quick -- which keeps the cost of goods lower -- at least, those you buy that were shipped from somewhere else.
Yep -- I know, private firms were involved in the creation of each of those things. Doesn't change the fact that some branch of our poor, incapable, incompetent government commissioned and managed those projects.
And yes, I know -- the DMV is frustrating to deal with. But I can tell you that the service of the DMV and even the IRS looks positively stellar compared to any number of private entitities -- several health insurance companies, Sprint, Microsoft Customer support, and the hosting company I called last week (no, not some dinky provider either -- I'm talking freakin' Interland here). All of whom should have, in theory, been erased by the invisible hand or otherwise kicked in the pants by the market. But in fact, these beaurocracies are no better than most mediocre government beaurocracies.
So it's fun to repeat, but remember to look at the facts while you're thinking about it. Our beloved commercial driven-to-efficiency-by-the-market companies have produced an absolute steaming heap of bovine excrement when it comes to an e-voting product. And yes, it's still taxpayer subsidized, because our governments are paying for these products -- and not just the costs, but also the profits.
Re:Bullshit. Libraries. F-15s. Interstate Highways (Score:2)
Given that ALL militaries are, by definition, owned by the government (except I suppose a handful of mercenary outfits, which simply don't have the resources to design their own fighter jets), that's hardly a compelling argument. Indeed, looking at how much is spent on the military, I think the only lesson to learn there is "even if you've got a horribly inefficient process, if you throw hundreds o
Re:Bullshit. Libraries. F-15s. Interstate Highways (Score:2)
How true. Heard a great line a few days ago - something to the effect of "the problem with the invisible hand is that it often isn't there."
Haven't heard any stories about wealthy Californians' homes spared by their hyper-efficient private fire departments this week, either.
Re:Bullshit. Libraries. F-15s. Interstate Highways (Score:2)
Which ones? The only good service I've recieved from government organizations was when I dealt with the tax collectors (property tax, mainly).
Our, poor, terribly innefficient government programs are responsible for creating the world's best military.
Like other people have said, $5,000,000,000 gets contractors riled up like nothing else. You should see the $2,000,000 contracts (a typcial pork-barrel domain), where the inefficiency
Re:Bullshit. Libraries. F-15s. Interstate Highways (Score:3, Insightful)
Re:From the designers of the DMV..... (Score:2)
Government enforced cable monopolies Government enforced telco monopolies
"The government does not enforce any monopolies. It's just kinda hard to put in two cable networks to the same damn house."
Actually, there _are_ places where there are multiple competing cable companies. Most towns make one cable company a monopoly because then they could do a deal with one company in return for the monopoly contract. If they just let them all compete, they can't extract c
Re:From the designers of the DMV..... (Score:3, Interesting)
Re:Code shouldn't be important! (Score:2)
the files also contain Visual Basic script and code for voting system databases that could allow someone to learn how to rig voting results. The programmer spoke on condition of anonymity.
that's what we're talking about here: VB script! I'm sure it's real secure.
No kidding it's time for a standard: OS, access to the boxes, protocols, install procedures, app, app validation, audit, the works.
Re:Code shouldn't be important! (Score:2, Insightful)
Be careful what you ask for, or Executive Order 192519 may declare Diebold to be the sole contractor for electronic voting software. Or maybe Halliburton would like to expand its service roster to include "trustworthy software development" ;)
--
Rate Naked People [fuckmeter.com] at Fuck Meter! (not work-safe)
Re:Code shouldn't be important! (Score:2)
Supposedly, 128-bit RSA can be factored in a few seconds or less most home pc's.
Re:Code shouldn't be important! (Score:3, Insightful)
There is good reason.
The lesson should already have been learned. You don't want a single point that can be corrupted. There is good reason that each state is left to its own devices, and its own decisions etc about elections. It is a hell of a lot harder to rig 50 elections than it is to rig 1.
You want to let each state experiment with things. Eventually a system that works will eventually be left.
Re:Code shouldn't be important! (Score:2)
Re:Code shouldn't be important! (Score:3, Informative)
Re:Code shouldn't be important! (Score:2)
Sloppy here, sloppy there.
Re:Code shouldn't be important! (Score:2)
Some time in the future...
haha (Score:2, Funny)
I would work on voting software (Score:3, Funny)
(sigh)
Ok hackers... (Score:4, Funny)
Neumann, the security expert, said, "This means that anyone could install a Trojan horse in the MDAC that won't show up in the source code." Jaguar employees, Sequoia employees or state election officials could insert code that wouldn't be detectable in a certification review of the code or in security testing of the system, he said.
Now all we need to do is write a trojan to get Tux elected president!!
Karma -2 (Not Funny)
Re:Ok hackers... (Score:2)
Re:Ok hackers... (Score:2)
Re:Ok hackers... (Score:2)
Actually, to me it sounds like a great application for DRM. It's a closed system all the way around, so it's not hurting anyone. Provided, mind you, that it keeps an internal paper record as a backup, and maybe even issues you a printout as well. (Let's face it, you can do whatever you want with data if you control the medium.)
You are correct that a MD5SUM should be adequate protection. However a combination of a checksum for version verification (with verification sums distributed on some moderately se
E-Voting (Score:5, Insightful)
Right now, voting software is obviously not ready for primetime and the companies that make it need to have some sort of oversight committee making sure they're not playing games or royally fucking things up.
There was enough of a commotion in FLA about hanging chads that people's confidence in machines are shot. And those are relatively simple compared to secure e-voting software!
It seems that the more we try to "high-tech" the voting process, the more problems and uncertainty we will introduce into the system.
So, right now I'm leaning towards a really low tech solution: simple paper and pen for ballots.
I know I'm a geek and supposed to love technological solutions. And I do, but with something as important as voting, until they get it to be as reliable as pen and paper, I say screw the machines because as a geek, I also know how unreliable software can be.
Re:E-Voting (Score:2)
Makes a lot of sense. Pretty hard to tamper with ink, and even then, you'd need to do it a ballot at a time.
Right now it seems as though the owner of Diebold is openly rooting for Bush. Using a computer, his company can affect a lot of ballots very quickly. That worries me.
If the owner of the Flair Pen company was rooting for Bush, I wouldn't worry in the least because pens can't be controlled via modem... I hope.
Re:E-Voting (Score:2)
Not necessarily. It depends on what the interests of the parties involved are. More "high-tech" processes can, in fact, give you more guarantees that election results have not been tampered with. How about something like following:
0. When starting a vote process, assign a unique one-way hash to each voter;
1. Have voters vote electronically, and record their electronic vote
Reasons for paranoia (Score:3, Insightful)
That reason why Database Technologies (DBT) was given the job of "scrubbing" felons from the Florida voting rolls was not that they were cheap (500 times more than the company they replaced) nor that they were efficient. Katherine Harris several times shifted the standa
wu (Score:2)
Do not un-BIND your RH 6.2,
Leave it it it's natural state
for it is in acting through inactio...
what's this letter from my ISP about a bank in Bolivia?
Here we go again... (Score:5, Informative)
We need to get the source in the open, and more importantly, we need to have these machines give paper ballot reciepts as well as an internal audit tape like those found on ATMs...
There is a bill in the House (H.R. 2239) that already has a lot of support and addresses a lot of these issues. Please urge your representative to support it as well.
Standard Rubuttal to Ballot Receipts (Score:2)
Vote Buying.
Every time someone suggests Ballot Receipts, I wonder whether they don't understand the concept of "free and fair elections", or just don't want them to happen.
Here's a hint: "secret ballot". It's one of the key concepts of democracy.
Re:Standard Rubuttal to Ballot Receipts (Score:2)
If you marked a paper ballot with a pen, and dropped the ballot in a box, then that would also be coercion? Seems like that's the way its been done for centuries.
What makes it different if the paper comes out of the voting machine before it gets dropped in the box?
In fact, there is no difference. Why do we even need the voting machine?
Re:Standard Rubuttal to Ballot Receipts (Score:3, Insightful)
If you marked a paper ballot with a pen, and dropped the ballot in a box, then that would also be coercion? Seems like that's the way its been done for centuries.
What makes it different if the paper comes out of the voting machine before it gets dropped in the box?
It doesn't, what you're describing is a ballot, not a receipt. A ballot receipt would be something the voter takes with them. If the voter takes anything with them which shows who they vo
Re:Standard Rubuttal to Ballot Receipts (Score:2)
A printed receipt which the voter can examine (to verify the vote was recorded as intended) then deposits in a secure ballot box is something else entirely. This allows validation of the electronic vote count as well as a fallback in the event of a recount.
Re:Standard Rubuttal to Ballot Receipts (Score:2)
That's not a paper reciept, that's a paper ballot. The electronic results could be used, especially in the case of a blowout but the paper ballot would/should be the official ballot.
Re:Standard Rubuttal to Ballot Receipts (Score:2)
Re:Standard Rubuttal to Ballot Receipts (Score:5, Insightful)
The only system that works is having people make marks on paper that they can look at and verify, then put into an independent tallying device to count the votes, which rejects invalid votes immediately so that they can be corrected. And in the even of a recount, the paper can be re-scanned.
Astoundingly enough, such devices not only exist, they're cheap, reliable, and fairly widely used -- scantrons! They have the lowest error rate of any voting mechanism, and cost almost nothing.
I have no idea why anyone would even consider an untested (and un-auditable) touchscreen terminal that costs thousands of dollars instead of a scantron that costs almost nothing (the forms cost about 10 cents, and the election board can borrow the scantron from the local schools).
Luckily (http://newshound.de.siu.edu/spring03/stories/sto
But just to keep us on our toes, these morons (http://clients.enfocom.com/avs/products_winvote.
Isn't anyone with a brain cell writing the requirements for these voting systems? You'd think that secure and auditable would be adjectives that you'd want in a voting system.
Re:Standard Rubuttal to Ballot Receipts (Score:2)
Right, so if you were to design a system like this, one has to make sure the paper ballot gets turned back in (think ballot prints out, big flashing lights go off, ballot has to be re-inserted into box under touchscreen before lights stop flashing). AND you have to spot-check a certain fraction
Re:Standard Rubuttal to Ballot Receipts (Score:2)
The part that scares me is that all of the commercial eVoting systems are so obviously flawed that I can't imagine how anyone ever bought them. Don't these towns have _anyone_ who can point out obvious flaws? It's not like it takes a rocket scientist to realize that combining a wireless LAN with voting just might increase the opportunity for fraud. Or that all of these system
Re:Standard Rubuttal to Ballot Receipts (Score:2)
Re:Standard Rubuttal to Ballot Receipts (Score:2)
Re:Here we go again... (Score:2)
Re:Here we go again... (Score:2)
Call me old-fashioned, but I don't think companies need to make a profit off of elections. It introduces some very serious conflicts of interest.
Re:Here we go again... (Score:2)
Yeah, right (Score:5, Funny)
Yeah, have the military run the elections. Great idea...NOT.
Re:Yeah, right (Score:2)
Yeah, have the military run the elections. Great idea...NOT.
At least in the US, as it is now, that would work just fine. The US military has a deeply ingrained institutional respect for the civilian leadership and the democratic process that selects those leaders, regardless of who it picks. The military mostly hated Clinton, for example, but still fully accepted him as their Commander in Chief and would never have attempted to subvert the political process in order to oust him.
Members of the armed f
On-Topic: Diebold Lists Posted to Freenet (Score:4, Interesting)
The key is:
CHK@sgOjWAy4g-0bf0m5biyqnEzWloENAwI,OXw8OfHPfsm
If I can obtain the AVC Edge binary, I will do the same with it.
Let loose the DMCA notices, boys. It won't do you a damned bit of good now.
Re:On-Topic: Diebold Lists Posted to Freenet (Score:2)
I must admit however, I never thought the draconian goverment argument I used against them would ever apply to our own voting system.
Re:On-Topic: Diebold Lists Posted to Freenet (Score:2)
Re:On-Topic: Diebold Lists Posted to Freenet (Score:2)
Anyone interested in your own copy can get it here from this dedicated node:
VB disassembler (Score:2)
I guess in 2 days we'll know who really won the California recall vote.
It is already been abused. (Score:5, Informative)
couple of frauds last year.
The latest news are these ones [estadao.com.br] (In Portuguese. Use
the fish [altavista.com] to read in English).
There have surfaced accuatins of votings being sold at R$10,00 (~U$3.30) each one, and of a candidate that had more than 1000 votes while they were being counted ending up with zero votes.
I just hope they get to the only one true: these eletronic polls, as they are, are nothing but election-buying machinnes.
Re:It is already been abused. (Score:3, Informative)
PF investigates project of frauds in the election of the River
Rio De Janeiro - the Federal Policy opened inquiry to investigate a presumption project of fraud in the elections for state deputy of the last year. On the basis of denunciation of a defeated competitor, Ronaldo Antonio Da Silva, of the PT of the B, the PF selects a supposed net of venda of embezzled votes. It
State agencies (Score:2, Insightful)
Re: State agencies (Score:3, Insightful)
> As I've said before, the agencies responsible for buying this equipment and software should bear a good deal of the blame for anything that goes wrong. It seems to me that some gross negligance or incompetence is going on here.
Problem is, the people who should take them to task for it will be the people who just got erroneously elected (or appointed by same), and will therefore be the least likely of all people to make a fuss over the error.
Re: (Score:2)
voting software (Score:2, Funny)
I asked him: "Since you make money on your hardware what's the problem with open sourcing your software?" He hemed and hawed but then said: "Our programmers are not good enough that we want to let the world see our code!"
I got a little irate and said: "Well its our votes getting counted." He then said: "Well there is something else.
Re:voting software (Score:2, Informative)
His response: We talked about it but this would make full internet voting possible. The API and protocol would be documented. We would not have a captive prod
Re:voting software (Score:2, Insightful)
Are you sure about that? If someone wished to purchase your vote, would he not simply say, "Here, use this PIN when you vote", and then check your vote himself before giving you the money
Idiots... (Score:2, Interesting)
vote++;
(WARNING: The code above is probably owned by SCO too, so just to be safe, I'm mailing a check for $699 tomorrow morning)
Is this really so hard? I'm working on my own OSS voting program. You can see the early version at herrvinny.com. It supports multiple choice (you can select several options together, or just one option), write in, no choice, etc. Anyone in UW
Hey, you can still download the e-voting program! (Score:2, Informative)
You would think these guys would disable it after a slashdot posting... They must be busy playing pirated half life 2 demos.
Re:Hey, you can still download the e-voting progra (Score:2)
Let's hope this all lands in freenet soon.
Good, this time it's binary (Score:2)
% strings democracy-enforcer.exe | grep http
http://votingHQ/cgi-bin/addvote.cgi?pass=ha
The logical progression... (Score:4, Funny)
2)Clay tablets take too long to dry. Votes could be changed in the meantime. Pen and paper is better.
3)Pen and paper is too slow to tabulate. We're switching to these cool punch cards.
4)People are apparently too stupid to use punch cards. Long live the touch screen system!
5)These electronic voting boxes can apparently be h4x0r3d by any halfway intelligent three-year-old with a spoon and an old emery board. This system, however, is foolproof...
*pulls out basket full of rocks painted black or white*
This Modern World comic (Score:4, Funny)
List of voting software (Score:2, Informative)
Hello... Neumann (Score:3, Funny)
So, he quit his mail route?
I don't know about you folks (Score:3, Funny)
What's next? The "Backdoor" line?
Open source opportunity? (Score:2, Insightful)
important votescam links (Score:2, Informative)
*Very informative* articles by Votescam.com
http://votescam.com/chap1.html [votescam.com] (1 of 5 chapters)
Technological excerpts:
"Nothing was said in the press about the secretly programmed computer chips inside the "Shouptronic" Direct Recording Electronic (DRE) voting machines in Manchester, the state's largest city.
These 200-pound systems were so easily tampered with that the integrity of the results they gave -- and George Bush was the ben
Embarrassing answer (Score:5, Informative)
You can often get a fair bit of source from a binary, but it all depends on what language the source was originally from, what platform it was written for, etc.
More importantly (as I understand it) is how it was compiled, etc. Source code isn't just translated line by line into machine code. Especially with today's optimizing compilers, there's a lot of automagic going on.
Now, you usually can get the assembler directives out of a binary (ahh, disassemblers are fun), but even this is dicey. I know from playing around with Atari 2600 roms that often you can't know precisely what parts of the code do what, iirc because code and data were often intermixed in irregular ways. Even if you get the full assembly code, have fun reading it if it's more than a few thousand lines.
Having said that, there's a lot of incredible stuff a skilled person can do with disassemblers, but it all comes down to the source->machine code translation. There's a lot of factors that come into play here, and it's not just a simple inversion of some always used process.
There, can I be less specific?
Re:Embarrassing answer (Score:2)
got translated (by Visual C++) into:
(notice that assembly code is not recursive) It's the same with GCC and just about every other compiler. So having disassembled code
Re:Embarrassing answer (Score:2)
The odds of a file and a trojaned version of that file having the same md5sum are precisely zero.
Actually, the odds are greater than zero. They're greater than 1 in 2^128, also, since that's the lower bound and would only be achieved if MD5 were perfect.
That said, the odds are still so small as to be negligible, and if they're not small enough, you could use SHA-1 to make them smaller. Detecting modified files is not a problem, as long as you're certain of what you're hashing and which hash values ar
Short answer: variable names. (Score:5, Informative)
the compiler first loads the C file (ending in
and all the files it refers to,
and then parses all of it into an internal
structure.
this structure is then optimized:
loops are unrolled, functions are inlined,
and info that is mention but isn't needed
is stripped out.
the resulting structure is then
written out as a series of assembly
instructions, which are then
converted to the numeric codes
the processor understands.
this is the exe.
to go backwards, it's (generally)
trivial to take an exe and get a
plaintext file containing the assembly
instructions (this file usually ends in '.a')
it's the optimization step that causes
issues: one of the main things the computer
doesn't need which is stripped out is
variable names, comments, etc.
without them, there's no context.
you can figure out the algorithm from the assembly,
but you can't easily figure out what
it's operating on.
to make things worse, other optimizations
may alter the code for faster execution,
making it even harder to figure out.
Occasionally, mistakes are made...
Microsoft slipped up a while back,
and released a windows patch which had
the 'debugging info' left in it.
All this really amounts to is the variable
names, function names, etc...
which is bloody useful.
Making this process even worse is that
some (rare) executeables are self modifying,
which makes them MUCH harder to predict.
in summary, it's not that hard to get
back to C code, assuming the program
was even written in C. You'd just have
variable names like 'var0001', 'var0002'
'func0001', etc.
It's basically the difference between
having a nice nested tree structure
which you can compartmentalize and analyze,
versus one long list of instructions,
which the computer may start and stop
execution of at any point.. sorta like DNA.
Re:Short answer: variable names. (Score:2)
All this is true, however, more programs tend to the use the standard language libraries, and/or STL. And if you have the right tools [datarescue.com] that can recognize usage of these, you can determine an aweful lot about what
Re:Short answer: variable names. (Score:3, Funny)
Re:Embarrassing question ( you've been warned ) (Score:2)
Re:Decompiling Java & C# (Score:2)
Re: (Score:2, Interesting)
You misunderstand the function of elections. (Score:2)
Your posting shows that you believe that the "natural progression of democracy" is to expa
Re:Pencil and Paper please? (Score:2)
> forgo the electronic voting and vote with a pencil
> and paper
The Feds claim that paper ballots discriminate agasinst the disabled.
> We can't trust the voters, can't trust Chad, and
> now it seems as though we can't trust the election
> system at all.
Of course you can't trust the electoral system, nor should you. That's what poll-watchers et al are for, and that's why voting systems must be completely transparent and comprehensible to or
Re:India has already been successful with EVMs (Score:3, Insightful)
> done by EVMs with no room for tampering.
How do you know? Just because the Indian government says so? They, of course, couldn't possibly have any reason to want to nobble an election in Kashmir, of all places.
Re:paper ballots (Score:2)
It is a valid reason to use technology but only if technology helps in that respect.
Another advantage of course, would be to minimize human error in the counting process. Obviously we see the problem with that goal if the mechanical counting process cannot be validated, independently validated, all the way to having the process of testing and validation completely open and subject to intense independent scrutiny.
It seems that the