Ohio Investigating Possible Vote Machine Tampering Last Year

MozeeToby writes "The Columbus Dispatch is reporting on a criminal investigation currently being performed in Franklin County Ohio. It seems several voting machines listed a candidate as withdrawn from the race when in fact he wasn't. By the time the investigations tracked down which machines had been affected, the candidate's name was back on the ballot. Normally, we could dismiss this as confusion or a mistake on the part of the voter(s) who noticed it. In this case, the person who first noticed the discrepancy was Ohio Secretary of state Jennifer Brunner. Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the ballot. Naturally, the county board remains skeptical of these accusations."

Skeptical?

[SatanicPuppy]

These morons can't even program their VCRs and they're skeptical of tampering? I vote at a place where the people running the polls were alive when the results would have been passed using goddamn pony express, and they say the same crap here.

We seriously need to toss this crap in a landfill and go back to paper. Any idiot can figure out a paper system, and the system should have that sort of transparency.

You can't make this stuff up...

[TripMaster Monkey]

Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot [SIC].

Unbelievable. It's like they're trying to make the machines as unreliable and untrustworthy as possible. I know that the problem of properly implementing electronic voting machines is not a simple one by any means, but this is just plain ridiculous.

Re:You can't make this stuff up...

[truthsearch]

but this is just plain ridiculous

And hopefully criminally negligent. I'd like to see more people go to jail for these mistakes, intentional or otherwise.

Re:You can't make this stuff up...

[0xABADC0DA]

...problem of properly implementing electronic voting machines...

There is no proper implementation for an electronic voting machine.

There can be proper vote printing machines.
There can be proper vote tabulating machines.

But the same device can never do both properly.
The votes must be inspectable by humans between these steps.
EOT.

Re:You can't make this stuff up...

[Spinlock_1977]

I've been writing software for 30 years, I can assure you there's no way to make totally secure software. The sooner we realize this, the sooner we'll move on to a real solution. It's almost like the media companies thinking DRM couldn't be hacked.

We need to get over uninformed thinking, and move to a VERIFIABLE system. Whether it's paper or plastic or silicon, all votes must be made public (with individual privacy protected by code numbers or some similar mechanism). With the voting results in full view (perhaps on a website?), everyone and anyone can confirm their vote got counted right, and that the sum total of all votes is correct. With a little extra effort, we could even ensure each vote on the list was cast by a real person.

I know this will remove a lot of power from some very powerful corporations, and all corrupt election-stealing politicians will cry foul, but at the end of the day, public verification is the only true solution. Anyone who disagrees is probably selling 'their' system, in which they, no doubt, have a vested interest.

A secured voting system?

[rmdyer]

Maybe I'm wrong (please feel free to correct me if I am), but is it not possible to create some kind of secured voting system based on methods of cryptographic techniques that would allow the following properies of a voting system...

a. Your vote can be cast without anybody else knowing who you voted for.
b. At any point in time after you cast your vote, you can verfiy that your
        vote is counted with the candidate you voted for.
c. The government can "verify" that you voted.
d. You can vote over the internet.
e. Only one vote per citizen.
f. Any cheating is immediately detected.
g. others where needed and appropriate.

I'm wondering if some kind of one time pads could be generated by all parties involved, combined togther with public key cryptography, that would allow such a system.

It boggles the mind that more effort and resources are put into making sure the government gets their tax returns than whether the voting system works or not.

Why should I vote again?

Re:Heh.

[SatanicPuppy]

Lost ballots are easy to track; just number them. If you can't find them, you know there is fraud.

Paper is cheap, paper is reliable. Paper doesn't require a ton of training or big fancy machines. Paper doesn't require we put our trust in anyone.

The problem with the technical systems is that they're complex, far far far more complex than they need to be. The more complex you make them, the more likely you are to have bugs, the more likely you are to have fraud, and the less likely you are to have someone who can spot the fraud.

Having a pile of for-profit companies putting together the machines is a terrible idea; we're already doing that. It's not working. Having them do it without a specific contract with a specific dollar figure on it is an even worse idea. It is always better to do a contract and set a finite price. Finally, the code has to be open source, which you'll never get from a for-profit.

Re:You can't make this stuff up...

[CastrTroy]

If you can prove to yourself that you voted for candidate X, you can prove to someone else that you voted for candidate X. This leads to things just a vote buying, and coercion of voters. The vote is supposed to be anonymous. And it should be impossible to link back a vote to who cast it.

Re:A secured voting system?

[corsec67]

Any system where a person can verify their vote after it has been cast is open to a very real kind of attack:

"Vote for #{my_candidate} or you are fired. Signed, your boss"
Or, husband, wife, mother, creepy guy standing outside the polling place, etc.

Bullshit.

[khasim]

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed.

No. You do not understand "security". It is possible to have a representative from each candidate WATCH the ballot box to make sure that it is not "lost".

Even if someone is watching the computer, there is no way for them to tell if ballots are being "lost" or changed.

We need a better voting system that takes advantage of our new computing technology.

Why? What's wrong with pen and paper?

Counting and validating paper ballots is simple. As is protecting them. They are PHYSICAL objects. People have lots of experience in keeping physical objects secure.

Re:A secured voting system?

[SEAL]

I'm wondering if some kind of one time pads could be generated by all parties involved, combined togther with public key cryptography, that would allow such a system.

Don't throw pseudo-cryptographic nonsense into it. The problem is a human one; it cannot be solved purely by technology.

You have a task that gathers data from many sources, and needs to verify the identity of those sources. Many people and groups will try to attack, corrupt or undermine that data. Furthermore, any verification in place to detect and prevent such attacks can also be considered vulnerable, but ALSO gets saddled with a deadline as laws in many states prevent recounts after a brief timespan.

The "attacks" could be purely technological -- (subvert the software), all the way to social (have poll workers set up certain locations in a way that delays people who are waiting to vote in areas that tend to be against your candidate).

People speak of the importance of a paper trail, but that merely diverts the point of vulnerability. How do we detect that a recount is needed in the first place? Who is doing the recount? How do we know it is any better than the first count?

Re:Skeptical?

[belligerent0001]

The real problem, with any voting system, is the quality of the voter. Let me explain what I mean. The voting system as it was, prior to 2000, had a fail safe. A voter would punch a ballot with the stylus. They were then supposed to removed the card from the machine and VERIFY via the numbers that their card was punched as they wanted it to be. If they could not read English, or were not capable of "punching" one hole and one hole only for a given race/issue/levy etc. then their vote would be negated. This prevents Captain Insano from just punching every hole.
It is presumed that voters have the intelligence necessary to cast a vote properly. This apparently isn't good enough because it "disenfranchised" too many voters, who were not intelligent enough to check their ballot after voting to verify that their card was correct. So, the solution is to throw money at a problem that really wasn't a problem. Personally, the solution is much simpler than the Diebold solution. you put a picture of the candidate on the touch screen, you touch the one you want, after voting on all the issues/races/ etc. It prints a paper ballot, you remove the ballot from the machine, now here is the tricky part, you VERIFY that EVERYTHING is accurate, then drop it in the little box. WHY IS THE SO FRIGGAN HARD TO GRASP!!!! Again, if you aren't intelligent enough to follow directions you shouldn't be voting anyway.
This is just another example of the government trying to protect the stupid from themselves.

Re:A secured voting system?

[BitZtream]

'Secured' depends on your point of view. Some of the things you bring up are somewhat mutually exclusive. The cryptography involved isn't the problem, and assuming the systems use a real cryptoghaphy algorithm, its rarely the problem. Generally its implementation details not directly unrelated to the cryptography algorithms involved that cause the problems. For instance, the diebold photo on their website which showed a master key, in which someone was able to copy and open a diebold box. Atleast I think it was diebold, might have been another company?

Some of the things can be done but only if you don't expect the others.

In reality though, A - F are never going to be assured. The machines can always be tampered with (mechanical or electronic voting methods, it applies to both), its just a matter of how many people are involved in the cheating. If you had tamper proof machines, then E, C and either A or B can be assured, but not both A and B, since the data must be retrievable in some form. You can't just encrypt your vote with your private key and send it off to the machine (which would give you A) because the machine can't read it to know who you voted for.

You can sign the vote with your private key so that you can verify it hasn't been tampered with and can be verified later ( which would give you B), and likewise, if everyone only has (and can not possibly get another) private key, you can assure everyone can only vote once ( E ). But this is practically impossible as well, since generating fake identities is fairly common.

One of the problems with designing a voting machine is that we have A. If you properly audit and log the votes, you don't have A, but you can get B, C, and E. If you don't properly audit and log the votes, you can get C and E to some extent, but not B. Without logging you have no chance of detecting cheating ( F ), even with logging you can still cheat, it just gets harder.

In a perfect world (ha ha) then you would not care if anyone knew who you voted for, in which case the system becomes a whole lot less complicated. It just all becomes public record which anyone can look at and verify if they want to. Everyone signs their vote with a private key that can be verified against. But, since its common knowledge that people are persicuted because of their beliefs, we choose to hide who we vote for to ensure our own personal saftey. By personal safety I don't just mean from physical harm, but from prejudice at work, in the community as well because others disagree without choices.

So ... the short version of this is, while cryptography can help secure our voting records, it can not fully solve the problem itself, which is that people are corrupt beings.

Re:Heh.

[SatanicPuppy]

These P.O.S machines didn't even have logging turned on. Fraud, no fraud, it'd be impossible to tell.

And while it may take an experienced person to write an exploit, it only takes a "retard" to load it.

Monkeying physical ballots can be done, sure. But you need a lot of people to do it. You need the poll workers, you need the ballot printers, you need the ballot box movers...And all this is for a polling place that may only serve a few hundred people. Now multiply that by the millions of voters in a general election. One person can keep a secret. A hundred? A thousand? Never.

Re:Heh.

[SatanicPuppy]

Ever been to a polling place where they didn't check to see if you were a registered voter? When that polling place has a record of serving 5000 registered voters and no ballots to show for it, that is a pretty clear indication of fraud, don't you think?

Pardon the pun, but paper ballots leave a huge paper trail. They're physical objects; they exist, and therefore it is much harder to make them disappear than it is an ephemeral digital record.

Summary is very wrong

[Trailer Trash]

Did the submitter or editor even bother to read the article. The controversy is that the candidate *did* withdraw, but his name was left on some ballots. for those who can't click:

Perez withdrew one day after Franklin County had finalized its ballots. He had hoped to avoid playing spoiler in fellow Democrat Patsy Thomas' race to retain her appointment to the Franklin County Municipal Court. Instead, Perez's name remained on the ballots -- or allegedly, most ballots -- and Republican David Tyack won.

Basically, same way Perot caused Bush #1 to lose in '92.

I have to agree with the puppy on this one.

[khasim]

This mythical "retard" who is somehow a management/distribution savant?

More correctly stated, any "retard" can stuff a ballot box ... and be caught doing so.

It's like saying that any "retard" can rob a bank but it takes a skilled hacker to electronically loot your accounts. It is just wrong. It is far easier to secure a physical object because people have far more experience with doing just that.

Archer seems to be postulating a perfect scenario for electronic voting. Just read TFA and the others like it.

Re:A secured voting system?

[ardent99]

This is exactly right. All voting technologies, paper or electronic, will have vulnerabilities. The way to solve this problem is to have enough redundancy in the system that makes it very difficult for all mechanisms to fail, or be corrupted, simultaneously and similarly. We have learned this lesson from building fault-tolerant computer systems, and need to apply it here, too. We also need to include the human element in the fault-tolerant design, as people are also subject to failure and corruption.

For example, you could make a system that has simultaneous redundant and different technologies, such as both electronic and paper trails. Then each of these subsystems could have their information flows be split at the source and channeled through completely different paths to different counters. There could be multiple sets of people with different political allegiances doing redundant counting. With this kind of system failures would be discovered, and could be tracked back to their sources. This kind of redundancy would cost more, but it could be done pretty straightforwardly if it is really what people wanted.

The main problem of course and it is the big one, is that it is not clear that the authorities actually WANT the system to be incorruptible. There are a huge number of power plays that go on in government, and the bigger the election, the more power is involved. There is so much back-room bargaining, lobbying, and cronyism, both within government and between government and big business, that the people in power don't really want transparency and fault-tolerance because it would interfere with their power. Fair voting only helps the little people, not the people who are already in power, and the system can only be changed by the people in power.

Re:You can't make this stuff up...

[Boronx]

That's the problem with computers, they're too good at counting. A suspicious human observer can't count along, and a computer with nefarious programming can slip one by you without noticing.

Re:Heh.

[Anonymous Coward]

You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

If they are hand-generated ballots, yours are going to stand out a touch. On the other hand, there will be lots of spoilage. I'll give you this one, absent serial numbers or other mechanisms that can be used for external validation.

If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling and dispose of the original, then you need a replica of the box.

This is why we have representatives of each party in charge of certifying the ballot box empty at the start of the polling, monitoring them at the election site, and escorting them to where they are counted. Signed seals and unique keys finish off this issue in its entirety. We do very well with paper ballots and security. As Bruce Schneiers has said: We know very well how to secure small pieces of paper (he meant money, but ballots are also small pieces of paper, even if they are more valuable than money)

Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

Physical access to the machines. In a precinct near me, the machines are 'physically' stored in a public space shortly before the election. They are locked with a common padlock. Problem solved. If it was a ballot box, we could prevent stuffing by looking inside. Hell, if we were worried, we could buy some lumber, nails, and hardware and make a new one. How do you 'look inside' an electronic voting machine to ensure it is empty? Now assume you can't trust the code running on it to tell you the truth about whether it is empty.

You need time? Did I mention that they were in a public area? This room is empty almost all day. Take all the time you need.

Logs of what you did... You can root the voting machine; what logs are there to be concerned about?

So sure, any retard can stuff a ballot box... and get caught. It takes someone 'smart' (as smart as the average developer who wrote the voting software at least) to compromise an electronic voting machine. I don't think you've proved your point.

Re:You can't make this stuff up...

[laird]

"There can be proper vote printing machines.
There can be proper vote tabulating machines.

But the same device can never do both properly.
The votes must be inspectable by humans between these steps."

This is exactly right. To elaborate, vote printing machines are good, because they can validate input, warn voters when there may be an error (e.g. filling out a ballot but skipping the top race, which is usually not the voter's intent), can provide multi-lingual ballots, and can provide spoken prompts to assist the visually impaired and illiterate.

There's an open source system that does exactly this. Please support http://www.openvotingconsortium.com/ [openvotingconsortium.com]!

Re:Bullshit.

[Lockejaw]

Please explain how a distributed pen and paper system breaks as the number of voters increases.

Please post as something other than AC to make me feel I should answer your question.

Please explain how a distributed pen and paper system breaks as the number of voters increases.
While you're at it, explain why you'll respond to someone who posts under a pseudonym with no real connection to his identity but won't respond to someone who posts as AC.