Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Government The Courts News Politics

Ohio Investigating Possible Vote Machine Tampering Last Year 213

MozeeToby writes "The Columbus Dispatch is reporting on a criminal investigation currently being performed in Franklin County Ohio. It seems several voting machines listed a candidate as withdrawn from the race when in fact he wasn't. By the time the investigations tracked down which machines had been affected, the candidate's name was back on the ballot. Normally, we could dismiss this as confusion or a mistake on the part of the voter(s) who noticed it. In this case, the person who first noticed the discrepancy was Ohio Secretary of state Jennifer Brunner. Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the ballot. Naturally, the county board remains skeptical of these accusations."
This discussion has been archived. No new comments can be posted.

Ohio Investigating Possible Vote Machine Tampering Last Year

Comments Filter:
  • Skeptical? (Score:5, Insightful)

    by SatanicPuppy ( 611928 ) * <Satanicpuppy.gmail@com> on Wednesday March 19, 2008 @02:50PM (#22799056) Journal
    These morons can't even program their VCRs and they're skeptical of tampering? I vote at a place where the people running the polls were alive when the results would have been passed using goddamn pony express, and they say the same crap here.

    We seriously need to toss this crap in a landfill and go back to paper. Any idiot can figure out a paper system, and the system should have that sort of transparency.
    • Heh. (Score:3, Interesting)

      Dated myself...Should have said, "Can't even program their DVRs."

      The fact remains that people who don't understand the issue have no basis for commenting on it. If there are reports of ballot tampering, and the machines are set up without logging (how is this even fucking possible in a supposedly secure system?), there is no way in hell that any non-technical user should be able to get away with being skeptical...If someone told them the goddamn machines were running Halo 3, they wouldn't have any way of te
      • Re:Heh. (Score:5, Interesting)

        by rucs_hack ( 784150 ) on Wednesday March 19, 2008 @03:16PM (#22799364)
        The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed. Accidents do happen, so you can't say they never would be. We need a better voting system that takes advantage of our new computing technology.

        I'm not saying that the current electronic systems are a good idea though.

        The primary flaw of the currently available voting machines is that they are all proprietary. This means a company has a commercial interest in hiding flaws, and is more likely to push out a device with flaws (or fight to prevent their discovery), if they convince themselves that fixing the flaws isn't worth it, in view of the profit reduction that would result.

        We need a voting machine system which is impartial, and not run as a for profit exercise.

        I think the best method would be to set up a consortium of major technology corporations to create the voting machines, and have them run it as a tax break, with rental fee's going to charities, not to the corporations themselves. After all, they have all the smart people working for them, and if profit is not a factor, and no single company has control, the system is less likely to be flawed.

        Before anyone starts foaming at the mouth about big companies I say this. They already run your health system, your financial institutions, your currency, transportation systems, and your food supply. It's not such a big leap.
        Plus, co-operation is already happening with software technology.
        • Re:Heh. (Score:5, Interesting)

          by Chandon Seldon ( 43083 ) on Wednesday March 19, 2008 @03:22PM (#22799414) Homepage

          The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed.

          They aren't? How many man-seconds alone with the ballots does it take to change the result of a paper election by editing the ballots? How many cubic meters of stuff do you need to carry to swap in forged ballots? Now how about electronically stored ballots?

          • Re:Heh. (Score:5, Interesting)

            by ArcherB ( 796902 ) on Wednesday March 19, 2008 @03:36PM (#22799596) Journal

            They aren't? How many man-seconds alone with the ballots does it take to change the result of a paper election by editing the ballots?
            You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

            How many cubic meters of stuff do you need to carry to swap in forged ballots?
            If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling and dispose of the original, then you need a replica of the box.

            Now how about electronically stored ballots?
            Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

            Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

            Personally, I feel that an electronic voting machine should print out a serial numbered, easy to read paper ballot that you have to drop into the box before you leave. Now you have the best of both worlds. If the electronic numbers do not match what is in the paper ballot box, investigate. Each serial numbered ballot should have a corresponding electric vote. Now to steal this kind of election, you'd need to stuff the ballot box with votes that are actually in the machines memory. Not impossible to hack, but much more difficult that hacking either a paper or electronic system alone.
            • Re: (Score:3, Interesting)

              by berashith ( 222128 )
              It takes a single well paid experienced hacker a very short time to change A LOT of the ballots. It takes a retard at each polling place or box collection point to initiate each swap. Now, add in the fact that a box of ballots can be sealed with a label with a tamper evident serial number, the changes on electronic seem much more difficult.
              • Re: (Score:3, Interesting)

                The State of Maryland had a really good system (I think). Each person was handed a paper ballot, and you drew a line next to the person you wanted. The ballot was then scanned by machine. So this provided two benefits:

                - it was quick to tally the results because it was done electronically

                - but in the case of suspected fraud (like the main article) it was easy to go back and review the ballots. Like a paper receipt at a store provides proof of purchase, the voter ballots provided proof of how each person
            • Re:Heh. (Score:5, Insightful)

              by SatanicPuppy ( 611928 ) * <Satanicpuppy.gmail@com> on Wednesday March 19, 2008 @03:52PM (#22799828) Journal
              These P.O.S machines didn't even have logging turned on. Fraud, no fraud, it'd be impossible to tell.

              And while it may take an experienced person to write an exploit, it only takes a "retard" to load it.

              Monkeying physical ballots can be done, sure. But you need a lot of people to do it. You need the poll workers, you need the ballot printers, you need the ballot box movers...And all this is for a polling place that may only serve a few hundred people. Now multiply that by the millions of voters in a general election. One person can keep a secret. A hundred? A thousand? Never.
              • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Wednesday March 19, 2008 @04:07PM (#22800050)
                This mythical "retard" who is somehow a management/distribution savant?

                More correctly stated, any "retard" can stuff a ballot box ... and be caught doing so.

                It's like saying that any "retard" can rob a bank but it takes a skilled hacker to electronically loot your accounts. It is just wrong. It is far easier to secure a physical object because people have far more experience with doing just that.

                Archer seems to be postulating a perfect scenario for electronic voting. Just read TFA and the others like it.
                • I'm not sure we're disagreeing...I know a lot of ways in which an electronic system could be compromised. My point is simply that, while a skilled individual must be in the mix somewhere, that doesn't mean that machines can only be compromised by skilled people.

                  For a ballot stuffing scenario, however, you need a lot more people because of the physical nature of the crime. To borrow your example; any moron can physically rob a bank, and a skilled individual can electronically loot the same amount of money; b
            • by vlm ( 69642 )
              > Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

              You seem to claim its more likely that one retard exists that can stuff a paper box, than that one hacker exists that can hack an electronic election. However, you don't understand scalability. It takes at least one retard in every paper voting site, or at least each paper voting site that matters, to stuff a ballot box. Probably there are far fewer box stuffing retards that the
              • by crmartin ( 98227 )

                You seem to claim its more likely that one retard exists that can stuff a paper box, than that one hacker exists that can hack an electronic election.


                This missing point here is that there are lots of retards.
            • Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

              Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic

            • Or don't clear the logs and make sure they noticed you tampered with it. Then, they can't count any of the votes that the machine took, since they could be tampered. Make sure to to that in a location that is leaning towards your competitor. Maybe do it to a few polling places where your opponent is expected to get more votes.. TADA! You didn't rig the election so you win, you rigged the election so your opponent lost! (with the same end result)
            • You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

              There's a reason I differentiated between an editing attack and a swapping attack. In order to perform a swapping attack on paper ballots, you need to carry great stacks of ballots with you (i.e. cubic meters of them).

              Once you get access, how long to upload whatever changes you want to make could take a while.

              I'm pretty sure that plugging in the connector would take lo

            • Re: (Score:3, Informative)

              by Anonymous Coward
              If they were Diebold machines, all of that is under 10 seconds. You can swap out the memory card without breaking the seals. Wireless networking is often enabled, so you can just sit in the parking lot. (Why in the name of all that is holy do these things have *wireless* capability?) Logging is done using a MS Access database. (Read 'editable without trace'.) Two sets of totals are kept: One for spot checks and one for the final total. They are never compared. If you have a swipe card with the mast
              • by Slur ( 61510 )
                All very true, so one wonders how you got so thoughtlessly modded down to -1. Apparently Thomas Swidarski must have some extra mod points!
            • Most of your points about physical ballots go away if observers can see the empty ballot box before polls open and watch it all day long until the votes are taken out and counted locally. You know, like in Canada. The kind of system we don't have, since we rig our votes.

              * You can't pre-stuff the box with your fake votes.
              * You can't 'swap the ballot box'.
              * You can't add more than one votes without being detected since observers can count how many people vote.

              Furthermore your evaluation of electronic voting
            • Re: (Score:2, Insightful)

              by Anonymous Coward

              You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

              If they are hand-generated ballots, yours are going to stand out a touch. On the other hand, there will be lots of spoilage. I'll give you this one, absent serial numbers or other mechanisms that can be used for external validation.

              If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling an

          • by Svartalf ( 2997 )
            They're not.

            How many seconds does it take to "misplace" or otherwise disappear a batch of paper ballots?

            "Not counted" works just as well as the missing entries, etc.

            None of it is actually at all "secure" in the normal sense of the word. There's more secure means- and if you're going to
            do something like this, one should pick more as opposed to less. Unfortunately, for the electronic ballot system makers
            they've been in a race to the bottom, trying to out cheap (and by that, I mean lack of quality) each othe
            • Re:Heh. (Score:4, Insightful)

              by SatanicPuppy ( 611928 ) * <Satanicpuppy.gmail@com> on Wednesday March 19, 2008 @03:58PM (#22799904) Journal
              Ever been to a polling place where they didn't check to see if you were a registered voter? When that polling place has a record of serving 5000 registered voters and no ballots to show for it, that is a pretty clear indication of fraud, don't you think?

              Pardon the pun, but paper ballots leave a huge paper trail. They're physical objects; they exist, and therefore it is much harder to make them disappear than it is an ephemeral digital record.
        • Re: (Score:3, Insightful)

          Lost ballots are easy to track; just number them. If you can't find them, you know there is fraud.

          Paper is cheap, paper is reliable. Paper doesn't require a ton of training or big fancy machines. Paper doesn't require we put our trust in anyone.

          The problem with the technical systems is that they're complex, far far far more complex than they need to be. The more complex you make them, the more likely you are to have bugs, the more likely you are to have fraud, and the less likely you are to have someone who
        • Bullshit. (Score:3, Insightful)

          by khasim ( 1285 )

          The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed.

          No. You do not understand "security". It is possible to have a representative from each candidate WATCH the ballot box to make sure that it is not "lost".

          Even if someone is watching the computer, there is no way for them to tell if ballots are being "lost" or changed.

          We need a better voting system that takes advantage of our new computing technology.

          Why? What's wrong with pen and paper?

          Counting

          • Why? What's wrong with pen and paper?

            Nothing, nothing at all.

            However, population size is increasing. Ok, a lot of people don't vote (for reasons that escape me...). Assuming the option of making voting compulsory, which I am in favor of (after all, a lot of people ended up dead last century making sure we could, its a tragedy that so many people don't even seem to be aware of what happened...), then you'd very quickly have a system close to the breaking point.

            All we need is a secure and reliable electronic
        • Re:Heh. (Score:4, Interesting)

          by dgatwood ( 11270 ) on Wednesday March 19, 2008 @03:57PM (#22799882) Homepage Journal

          We need a better voting system that takes advantage of our new computing technology.

          I have a pretty good idea where you'd begin.

          • Two stations that must conform to a set standard and may not be built by the same vendor in any polling place.
          • First station casts the vote, second station allows you to verify it. Both count the votes independently and report back independently to separate counting systems built again by separate vendors.
          • The voting station must generate a unique symmetric key that must be registered upstream to the backend counting system, but may not be recorded on the vote token. That backend must then make it available to any other counting system that asks. Appropriate cryptographic protection must be used to ensure no unauthorized system can ask.
          • The checking station must then request that key to decrypt the vote for verification purposes.
          • If the vote verification shows that the vote was incorrect, the user cancels the vote and, upon returning to the voting station, revotes. The cancellation is propagated back to the voting station by the transportation of the vote token as a negative vote.
          • After voting, you retain your voting token, and can connect it to a USB port (or a flash card reader, perhaps) and run a program that queries the vote counting system. Because the encrypted vote is still present, the servers can each independently verify whether the vote was, in fact cast. This path should not allow access to the key needed to decrypt the vote, however, thus preventing people from using this as a way to sell votes.

          Of course, the security would still depend on the standards being defined by a group of people familiar enough with crypto to come up with a robust and reasonably secure standard for doing all this, but at least by requiring independent verification, this significantly reduces the likelihood of vendors being bought off successfully without getting caught, and by allowing vote counts to be verified independently after the fact against all of the counting servers, this significantly reduces the ways in which blocks of votes can get "lost" by corrupt election officials.

          • Your post is most interesting.

            Would you mind cloning yourself a few million times so you could get this implemented?

            Seriously though, I like. You should send the idea to your representative.
        • Before anyone starts foaming at the mouth about big companies I say this. They already run your health system, your financial institutions, your currency, transportation systems, and your food supply. It's not such a big leap.

          Let's see....

          Health system = millions of uninsured, outrageous costs, inconsistent care with no coordination

          Financial institutions = scandals, bailouts, housing bubble, credit crunch

          Currency = check current exchange rates: need I say more?

          Transportation systems = Think abou

          • And so, I'm supposed to trust "big companies" with my vote....why, exactly? I realize we may have to do something along your suggestion to fix the voting system, but the examples you chose hardly inspire confidence..

            I wasn't talking about how well those systems are run. I live in the UK, where we pay that nasty, socialist national insurance, and have health care assured free at point of provision, no matter what ails us, and regardless of previous health conditions. Apparently this means we also breed terro
        • by EriDay ( 679359 )

          think the best method would be to set up a consortium of major technology corporations to create the voting machines

          Replace corporation with Universities

          Before anyone starts foaming at the mouth about big companies I say this. They already run your health system, your financial institutions, your currency, transportation systems, and your food supply.

          • health system - broken
          • financial institutions - how much money did the corrupt bastards lose this week?
          • transportation systems - destroying the planet
          • c
          • Replace corporation with Universities

            Perhaps, but university graduates end up working at the major corporations, so we are ultimately talking about the same people.

            I'm an academic myself, one who is finding that academic success bizarrely doesn't mean an escape from low wages, so I wouldn't personally be convinced that academia is any assurance of moral and ethical superiority. We all have to pay bills...
      • by gnick ( 1211984 )

        ...people who don't understand the issue have no basis for commenting on it.
        If I wasn't guilty of it so often myself, I'd use that as a sig...
      • Re:Heh. (Score:5, Funny)

        by moderatorrater ( 1095745 ) on Wednesday March 19, 2008 @04:39PM (#22800396)

        Dated myself
        You shouldn't do that, it makes God cry.
  • by MisterSquirrel ( 1023517 ) on Wednesday March 19, 2008 @02:51PM (#22799072)
    Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot. Because we all know what a vastly time-consuming task turning on logging during setup must be.
    • If that level of logging isn't on by default, then the voting machine manufacturers are even more incompetent than I thought. And that's saying a lot, because I doubt they could fasten their own shoes with velcro.

      • by EriDay ( 679359 )
        Attributing this to incompetence is overly generous. Obviously a case of fraud. I'm generally against the death penalty, but our political system has killed millions this decade...
  • by TripMaster Monkey ( 862126 ) on Wednesday March 19, 2008 @02:54PM (#22799104)
    Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot [SIC].

    Unbelievable. It's like they're trying to make the machines as unreliable and untrustworthy as possible. I know that the problem of properly implementing electronic voting machines is not a simple one by any means, but this is just plain ridiculous.
    • by Drakin020 ( 980931 ) on Wednesday March 19, 2008 @02:58PM (#22799150)
      It's better than when Diebold leaked the election results. http://www.theonion.com/content/video/diebold_accidentally_leaks [theonion.com]
    • I know that the problem of properly implementing electronic voting machines is not a simple one by any means, but this is just plain ridiculous.

      See... that's just the thing. I don't think it would be terribly difficult. I've been writing software for about 6-7 years now, and I don't think that there should be a huge issue coming up with standardized, secure voting machines that leave some form of detailed logging or trail of votes.

      I think the main roadblock to it isn't technology or money or lack of decent workers, the real problem is outlined here. Politicians have a knack, whether intentionally or not, for getting into this kind of thing an

      • Re: (Score:3, Insightful)

        I've been writing software for 30 years, I can assure you there's no way to make totally secure software. The sooner we realize this, the sooner we'll move on to a real solution. It's almost like the media companies thinking DRM couldn't be hacked.

        We need to get over uninformed thinking, and move to a VERIFIABLE system. Whether it's paper or plastic or silicon, all votes must be made public (with individual privacy protected by code numbers or some similar mechanism). With the voting results in full vie
        • Re: (Score:3, Insightful)

          by CastrTroy ( 595695 )
          If you can prove to yourself that you voted for candidate X, you can prove to someone else that you voted for candidate X. This leads to things just a vote buying, and coercion of voters. The vote is supposed to be anonymous. And it should be impossible to link back a vote to who cast it.
          • Re: (Score:2, Interesting)

            by malilo ( 799198 )
            I have decided I am tired of this argument. Honestly. It's already illegal, so anyone caught doing this would face DIRE consequences... and if you can convince anyone that keeping it under wraps would be possible, I'll be amazed.
          • by GiMP ( 10923 )
            What if your vote was signed with a private key? Nobody could trace the vote back to you, as long as it didn't specify your email address or name. You could lookup all votes signed your key, and confirm that your vote was accounted for.

            One problem with this would be that the voter who cast the ballot could still be forced/coerced into proving that they voted in one way, or another. However, the government couldn't create a massive database of who voted how. The other problem would be in having voters cr
        • I've been writing software for 30 years, I can assure you there's no way to make totally secure software

          The closest I ever got to totally secure software was writing in the online user manual for my open source project 'if you run this software as root you are batshit insane...'.

          I took it out though, as I have to be respectable these days...
    • Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot [SIC].
      Unbelievable. It's like they're trying to make the machines as unreliable and untrustworthy as possible.
      The reports don't make it clear if this was Board policy or if this was simply one rogue employee who turned off the audit logs.
    • Re: (Score:3, Insightful)

      by truthsearch ( 249536 )
      but this is just plain ridiculous

      And hopefully criminally negligent. I'd like to see more people go to jail for these mistakes, intentional or otherwise.
    • by 0xABADC0DA ( 867955 ) on Wednesday March 19, 2008 @03:05PM (#22799244)

      ...problem of properly implementing electronic voting machines...
      There is no proper implementation for an electronic voting machine.

      There can be proper vote printing machines.
      There can be proper vote tabulating machines.

      But the same device can never do both properly.
      The votes must be inspectable by humans between these steps.
      EOT.
      • One has to wonder though.. counting is like, the most basic thing a computer can do with complete and total reliability. Human eyes can be used to verify, but wouldn't you trust a computer count more than a human one for anything other than voting? So what makes voting so different?

        A properly developed voting system is not farfetched, it's the security that's the issue, and the companies currently making voting machines seem to be extremely bad at making verifyiably secure machines.
        • Re: (Score:3, Insightful)

          by Boronx ( 228853 )
          That's the problem with computers, they're too good at counting. A suspicious human observer can't count along, and a computer with nefarious programming can slip one by you without noticing.
        • A properly developed voting system is not farfetched, it's the security that's the issue, and the companies currently making voting machines seem to be extremely bad at making verifyiably secure machines.

          Not just verifiably secure, but verifiably unbiased. This can't be done without inspection of the entire system, which is much simpler for most paper ballot systems.

          My personal preference for electronic voting would be a computer that lists the vote options in a clear manner (not always possible with a paper system and some of the votes that happen in the US), tabulates the votes locally, and prints out an election ballot that is both machine and human readable. The person votes, verifies the printout, h

      • Re: (Score:3, Insightful)

        by laird ( 2705 )
        "There can be proper vote printing machines.
        There can be proper vote tabulating machines.

        But the same device can never do both properly.
        The votes must be inspectable by humans between these steps."

        This is exactly right. To elaborate, vote printing machines are good, because they can validate input, warn voters when there may be an error (e.g. filling out a ballot but skipping the top race, which is usually not the voter's intent), can provide multi-lingual ballots, and can provide spoken prompts to assist t
    • by EriDay ( 679359 )
      t's like they're trying to make the machines as unreliable and untrustworthy as possible

      Oh, I think they've made them completely reliable. In a way that humans never can be.
  • Bad Summary (Score:2, Informative)

    by eli867 ( 300724 )
    The problem isn't really that the candidate got screwed -- he actually did resign form the race, but he missed the deadline after which the ballots were supposed to be finalized.

    A pretty minor mistake (if you ask me), but the big deal is that all the machines are supposed to have exactly the same ballot. And they didn't. That's bad.
    • BZZZZZT. Try again.

      Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court.
      Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won.
      • Huh? Isn't that what the GP said? That the candidate withdrew, but too late.
        • I don't think so. The GP was saying "no harm, no foul". Indeed there was - this potentially changed the outcome of the election.
          • Re: (Score:3, Informative)

            No, the GP had it pretty much right. To recap, had things been done properly, Perez would have been listed as a running candidate on all machines, which might have cost the other Democrat candidate some votes. However in places he was listed as withdrawn, which in principle should help the running Democrat, who lost despite the error, not because of it. Had the Republican lost, you might wonder if Perez being listed as withdrawn despite missing the deadline had changed the results of the vote.
    • by kabloom ( 755503 )
      Yep. But the major ones (changed votes) aren't the kinds of things these stupid machines have the ability to log for us. Only the secretary of state seeing something so obvious as an incorrect ballot will generate enough publicity to learn to do this right.

      Oh, since it doesn't tell you what was actually going on in this race, and who was running for what, see
      this article [dispatchpolitics.com] to know what's going on here.
    • It is a minor mistake, but Ohio is embroiled w/ a political fight. SoS is a dem and is fighting the legacy of the prior republican administration. Ditto w/ the AG. Meanwhile, the democrat governor is actually staying out of it - as is the republican controlled state house.

      Its getting really ugly and if they cared half as much about the welfare of Ohio as they do partisan politics... things wouldn't be so bad.
  • Skeptical? Sure... they should be. But shouldn't they be able to answer a question like this definitively one way or the other?

    Elections need to be auditable.
  • Related story (Score:4, Informative)

    by TripMaster Monkey ( 862126 ) on Wednesday March 19, 2008 @03:02PM (#22799208)
    If you're not yet completely convinced that the electronic voting currently being rolled out is a craptastic idea, here's a little story [zdnet.com] on how a simple malformed URL can get the online voting registration page in Pennsylvania to yield other voters' registration files on demand.

  • Ohio (Score:4, Interesting)

    by Anivair ( 921745 ) on Wednesday March 19, 2008 @03:08PM (#22799282)
    I hate my state. On election night of the last election we almost immediately found a district near me where they had registered more voted for Bush than existed in the whole county. Gotta love when they're obvious.
    • Re: (Score:3, Interesting)

      by bogjobber ( 880402 )
      Sounds like bullshit to me. Unless, of course, you can provide some sort of reference.
  • by rmdyer ( 267137 ) on Wednesday March 19, 2008 @03:27PM (#22799478)
    Maybe I'm wrong (please feel free to correct me if I am), but is it not possible to create some kind of secured voting system based on methods of cryptographic techniques that would allow the following properies of a voting system...

    a. Your vote can be cast without anybody else knowing who you voted for.
    b. At any point in time after you cast your vote, you can verfiy that your
            vote is counted with the candidate you voted for.
    c. The government can "verify" that you voted.
    d. You can vote over the internet.
    e. Only one vote per citizen.
    f. Any cheating is immediately detected.
    g. others where needed and appropriate.

    I'm wondering if some kind of one time pads could be generated by all parties involved, combined togther with public key cryptography, that would allow such a system.

    It boggles the mind that more effort and resources are put into making sure the government gets their tax returns than whether the voting system works or not.

    Why should I vote again?
    • by corsec67 ( 627446 ) on Wednesday March 19, 2008 @03:31PM (#22799536) Homepage Journal
      Any system where a person can verify their vote after it has been cast is open to a very real kind of attack:

      "Vote for #{my_candidate} or you are fired. Signed, your boss"
      Or, husband, wife, mother, creepy guy standing outside the polling place, etc.
      • by gnick ( 1211984 )
        That goes for both

        b. At any point in time after you cast your vote, you can verfiy that your
        vote is counted with the candidate you voted for.

        and

        d. You can vote over the internet.

        I'd love to verify my vote and I'm not really afraid of voting over the internet. However both cases expose you to possible coercion and a great deal of the computers are infected with malware and should not be trusted to do anything that you don't want stolen or manipulated.

      • So make vote coercion punishable by death via flamethrower. I kid of course but the punishment should be large and severe.
      • by rmdyer ( 267137 )

        Any system where a person can verify their vote after it has been cast is open to a very real kind of attack:

        "Vote for #{my_candidate} or you are fired. Signed, your boss"
        Or, husband, wife, mother, creepy guy standing outside the polling place, etc.

        Yet this "kind of attack" is not an actual attack on the voting system itself, it is a personal attack on you. You call it "very real" yet provide no statistics that this doesn't already take place, or if it did under the system outlined previously, whether the

      • by blueg3 ( 192743 )
        Further, the feature of being able to verify your vote after it is cast is a feature that doesn't exist in the current voting system. I flip some toggles, and can verify which toggles I've flipped, but I have no guarantee (just by looking at the thing) regarding what happens after the lever is pulled.
    • by SEAL ( 88488 ) on Wednesday March 19, 2008 @03:48PM (#22799750)

      I'm wondering if some kind of one time pads could be generated by all parties involved, combined togther with public key cryptography, that would allow such a system.
      Don't throw pseudo-cryptographic nonsense into it. The problem is a human one; it cannot be solved purely by technology.

      You have a task that gathers data from many sources, and needs to verify the identity of those sources. Many people and groups will try to attack, corrupt or undermine that data. Furthermore, any verification in place to detect and prevent such attacks can also be considered vulnerable, but ALSO gets saddled with a deadline as laws in many states prevent recounts after a brief timespan.

      The "attacks" could be purely technological -- (subvert the software), all the way to social (have poll workers set up certain locations in a way that delays people who are waiting to vote in areas that tend to be against your candidate).

      People speak of the importance of a paper trail, but that merely diverts the point of vulnerability. How do we detect that a recount is needed in the first place? Who is doing the recount? How do we know it is any better than the first count?
      • by ardent99 ( 1087547 ) on Wednesday March 19, 2008 @04:50PM (#22800524)
        This is exactly right. All voting technologies, paper or electronic, will have vulnerabilities. The way to solve this problem is to have enough redundancy in the system that makes it very difficult for all mechanisms to fail, or be corrupted, simultaneously and similarly. We have learned this lesson from building fault-tolerant computer systems, and need to apply it here, too. We also need to include the human element in the fault-tolerant design, as people are also subject to failure and corruption.

        For example, you could make a system that has simultaneous redundant and different technologies, such as both electronic and paper trails. Then each of these subsystems could have their information flows be split at the source and channeled through completely different paths to different counters. There could be multiple sets of people with different political allegiances doing redundant counting. With this kind of system failures would be discovered, and could be tracked back to their sources. This kind of redundancy would cost more, but it could be done pretty straightforwardly if it is really what people wanted.

        The main problem of course and it is the big one, is that it is not clear that the authorities actually WANT the system to be incorruptible. There are a huge number of power plays that go on in government, and the bigger the election, the more power is involved. There is so much back-room bargaining, lobbying, and cronyism, both within government and between government and big business, that the people in power don't really want transparency and fault-tolerance because it would interfere with their power. Fair voting only helps the little people, not the people who are already in power, and the system can only be changed by the people in power.

    • Re: (Score:3, Insightful)

      by BitZtream ( 692029 )
      'Secured' depends on your point of view. Some of the things you bring up are somewhat mutually exclusive. The cryptography involved isn't the problem, and assuming the systems use a real cryptoghaphy algorithm, its rarely the problem. Generally its implementation details not directly unrelated to the cryptography algorithms involved that cause the problems. For instance, the diebold photo on their website which showed a master key, in which someone was able to copy and open a diebold box. Atleast I thi
  • Read this. [wikipedia.org]
    Then this. [moldea.com]
    And finally, this. [freetraficant.com]

    This guy is still getting voter support while he's in jail for mob related crimes.

    Remember that Star Trek:TOS episode where everyone was a cheesy mobster? That was filmed in Ohio. They did it to save on costuming and sets. I'm sure of it.

  • Too little, too late has been things "done" about voting irregularities.

    In the 2004 elections around 3 million voters were denied from voting because of registration abuses. That is around 2.5% of the total voter turnout and more than the percentage Bush won in 2004 with. 5.2 million people are ineligible to vote because of their legal history. (The USA has biggest prison population on the planet, relative to population size).

    It should be required by law that if any kind of irregularity exceeds 0.5% of
    • by t0rkm3 ( 666910 )
      Heh.

      Yeah, you'd have to throw out that whole Constitution thingy to federalize election standards. Each state can determine how their representatives to the electoral college are chosen. That should stay that way, we are a Republic of somewhat independent states.

      It is currently philosophically or politically stylish to erode state's rights in the face of debacles like Katrina, and Florida's voting issues, but that erodes an essential balance of power proposition in our government. I like being able to hold
    • by EriDay ( 679359 )

      The USA has biggest prison population on the planet, relative to population size


      Make that the USA has biggest prison population on the planet period [nytimes.com]. Larger than China, larger than India.
  • by Trailer Trash ( 60756 ) on Wednesday March 19, 2008 @04:06PM (#22800046) Homepage

    Did the submitter or editor even bother to read the article. The controversy is that the candidate *did* withdraw, but his name was left on some ballots. for those who can't click:

    Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court. Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won.

    Basically, same way Perot caused Bush #1 to lose in '92.

    • by AK Marc ( 707885 )
      Basically, same way Perot caused Bush #1 to lose in '92.

      Everyone I know that voted for Perot did so with Bill Clinton as their second choice. He was what every Democrat longs for, a moderate Republican that isn't pro-war and anti-choice. That he's also what Republicans say they are but aren't (fiscally conservative), didn't seem to bring any over to him, at least of the voters I know.
  • The candidate did withdraw, but after the ballot was compiled.

    The reason for the withdrawal was to prevent vote splitting with a second candidate and prevent a 3rd candidate from winning. With the 1st candiate still in the race on some machines, the vote splitting may have occured and the 3rd candidate may have enjoyed the benefit (and did win).

    The machine error may have played some part in deciding the election.

  • Do we take this as evidence of manipulation by a political machine (not to be confused by electronic balloting machines), or simple incompetence, or both?

    Having spent 25 years in Ohio, it sure sounds like business as usual to me...

  • Ohio and Florida.. story after story after each election.. What the hell is wrong with these two states ?

    They should reduce their electoral votes until they get their shit together.. give em to Rhode Island and Delaware.

    • in 2000, volusia county, FL had one precinct count up -16,000 votes for Al Gore. That's right NEGATIVE Sixteen Thousand and change.

      since the machines are technically not designed to count backwards, someone tampered with the machine to give Gore negative votes to start with.

Murphy's Law, that brash proletarian restatement of Godel's Theorem. -- Thomas Pynchon, "Gravity's Rainbow"

Working...