Ohio Investigating Possible Vote Machine Tampering Last Year

MozeeToby writes "The Columbus Dispatch is reporting on a criminal investigation currently being performed in Franklin County Ohio. It seems several voting machines listed a candidate as withdrawn from the race when in fact he wasn't. By the time the investigations tracked down which machines had been affected, the candidate's name was back on the ballot. Normally, we could dismiss this as confusion or a mistake on the part of the voter(s) who noticed it. In this case, the person who first noticed the discrepancy was Ohio Secretary of state Jennifer Brunner. Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the ballot. Naturally, the county board remains skeptical of these accusations."

Never leave a paper trail

[MisterSquirrel]

Further compounding matters, the Franklin County Board of Elections had disabled virtually all logging on the machines to speed setup of the balot. Because we all know what a vastly time-consuming task turning on logging during setup must be.

Heh.

[SatanicPuppy]

Dated myself...Should have said, "Can't even program their DVRs."

The fact remains that people who don't understand the issue have no basis for commenting on it. If there are reports of ballot tampering, and the machines are set up without logging (how is this even fucking possible in a supposedly secure system?), there is no way in hell that any non-technical user should be able to get away with being skeptical...If someone told them the goddamn machines were running Halo 3, they wouldn't have any way of telling.

Ohio

[Anivair]

I hate my state. On election night of the last election we almost immediately found a district near me where they had registered more voted for Bush than existed in the whole county. Gotta love when they're obvious.

Re:Heh.

[rucs_hack]

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed. Accidents do happen, so you can't say they never would be. We need a better voting system that takes advantage of our new computing technology.

I'm not saying that the current electronic systems are a good idea though.

The primary flaw of the currently available voting machines is that they are all proprietary. This means a company has a commercial interest in hiding flaws, and is more likely to push out a device with flaws (or fight to prevent their discovery), if they convince themselves that fixing the flaws isn't worth it, in view of the profit reduction that would result.

We need a voting machine system which is impartial, and not run as a for profit exercise.

I think the best method would be to set up a consortium of major technology corporations to create the voting machines, and have them run it as a tax break, with rental fee's going to charities, not to the corporations themselves. After all, they have all the smart people working for them, and if profit is not a factor, and no single company has control, the system is less likely to be flawed.

Before anyone starts foaming at the mouth about big companies I say this. They already run your health system, your financial institutions, your currency, transportation systems, and your food supply. It's not such a big leap.
Plus, co-operation is already happening with software technology.

Re:Heh.

[Chandon Seldon]

The problem is that paper based elections are no more secure, and if the physical ballots are lost, you're screwed.

They aren't? How many man-seconds alone with the ballots does it take to change the result of a paper election by editing the ballots? How many cubic meters of stuff do you need to carry to swap in forged ballots? Now how about electronically stored ballots?

Re:Overly Complicated

[Chandon Seldon]

An adder is generally either used by a single user who wants accurate results or by a group of users who all want the same accurate results. Further, adders are generally designed as general-purpose components that will be used in hundreds of different applications - making one that output 3 for 1 + 1 would simply be a poor business decision when it was noticed rather than an effective attack against some specific application.

In contrast, voting machines are specific-purpose devices that are *always* used by large groups of people; and any of those people might want to tamper with the election. It should be obvious that this creates a relatively complex *security* problem rather than a simple electrical engineering / programming problem.

Re:Heh.

[ArcherB]

They aren't? How many man-seconds alone with the ballots does it take to change the result of a paper election by editing the ballots?

You mean to print ballots that are pre-filled out? I could print about one a second. Not that this matters as I could do it at my leisure.

How many cubic meters of stuff do you need to carry to swap in forged ballots?

If I pre-stuff the box with my pre-printed ballots before the polls even open... Zero. If you swap the ballot box out after the polling and dispose of the original, then you need a replica of the box.

Now how about electronically stored ballots?

Well, since you need physical access to the machines since they are not on the network, this could take a while. Once you get access, how long to upload whatever changes you want to make could take a while. Of course, you also have to make sure to clear all logs of your access and try to make sure that any changes you made are not detected by something as simple as MD5SUM on pre-polling files.

Sorry to say it but any retard can stuff a paper ballot box. It takes an experienced hacker to hack an electronic election.

Personally, I feel that an electronic voting machine should print out a serial numbered, easy to read paper ballot that you have to drop into the box before you leave. Now you have the best of both worlds. If the electronic numbers do not match what is in the paper ballot box, investigate. Each serial numbered ballot should have a corresponding electric vote. Now to steal this kind of election, you'd need to stuff the ballot box with votes that are actually in the machines memory. Not impossible to hack, but much more difficult that hacking either a paper or electronic system alone.

Re:Heh.

[berashith]

It takes a single well paid experienced hacker a very short time to change A LOT of the ballots. It takes a retard at each polling place or box collection point to initiate each swap. Now, add in the fact that a box of ballots can be sealed with a label with a tamper evident serial number, the changes on electronic seem much more difficult.

Re:Heh.

[dgatwood]

We need a better voting system that takes advantage of our new computing technology.

I have a pretty good idea where you'd begin.

• Two stations that must conform to a set standard and may not be built by the same vendor in any polling place.
• First station casts the vote, second station allows you to verify it. Both count the votes independently and report back independently to separate counting systems built again by separate vendors.
• The voting station must generate a unique symmetric key that must be registered upstream to the backend counting system, but may not be recorded on the vote token. That backend must then make it available to any other counting system that asks. Appropriate cryptographic protection must be used to ensure no unauthorized system can ask.
• The checking station must then request that key to decrypt the vote for verification purposes.
• If the vote verification shows that the vote was incorrect, the user cancels the vote and, upon returning to the voting station, revotes. The cancellation is propagated back to the voting station by the transportation of the vote token as a negative vote.
• After voting, you retain your voting token, and can connect it to a USB port (or a flash card reader, perhaps) and run a program that queries the vote counting system. Because the encrypted vote is still present, the servers can each independently verify whether the vote was, in fact cast. This path should not allow access to the key needed to decrypt the vote, however, thus preventing people from using this as a way to sell votes.

Of course, the security would still depend on the standards being defined by a group of people familiar enough with crypto to come up with a robust and reasonably secure standard for doing all this, but at least by requiring independent verification, this significantly reduces the likelihood of vendors being bought off successfully without getting caught, and by allowing vote counts to be verified independently after the fact against all of the counting servers, this significantly reduces the ways in which blocks of votes can get "lost" by corrupt election officials.

this is just stupid

[Anonymous Coward]

I cannot believe we are STILL talking about electronic voting. Al Gore lost 8 years ago. Get over it. We bank online, fill out our taxes and even buy our clothes and music online but suddenly voting electronically is some kind of demonic practice. The problem (is there really is one) is poor implementation not a flawed concept. If you don't like one particular implementation of electronic voting, build something better and sell it to the county where you live. I am so sick and damn tired of people screaming about voter fraud and electronic voting problems because their guy lost.

Just one more thought: Since we do not tie ballots to a particular voter id, what would keep an unscrupulous poll worker from stuffing the ballot box?

I think the solution to this is not less technology but more openness. How bout every vote (paper or electronic) have your voter id number on it next to your vote. Then you can log in after the election and pull up your vote and SEE what you did. That's real verification. Anything less is limp dick masturbation.

Re:You can't make this stuff up...

[malilo]

I have decided I am tired of this argument. Honestly. It's already illegal, so anyone caught doing this would face DIRE consequences... and if you can convince anyone that keeping it under wraps would be possible, I'll be amazed.

Re:Bullshit.

[rucs_hack]

Please explain how a distributed pen and paper system breaks as the number of voters increases.

Please post as something other than AC to make me feel I should answer your question.

Since you are using the internet, and visiting slashdot, I assume you aren't a technophobe, so get with it, get an account or uncheck the 'Post Anonymously' box. Then I'll debate.

Re:Ohio

[bogjobber]

Sounds like bullshit to me. Unless, of course, you can provide some sort of reference.

Re:Heh.

[electrictroy]

The State of Maryland had a really good system (I think). Each person was handed a paper ballot, and you drew a line next to the person you wanted. The ballot was then scanned by machine. So this provided two benefits:

- it was quick to tally the results because it was done electronically

- but in the case of suspected fraud (like the main article) it was easy to go back and review the ballots. Like a paper receipt at a store provides proof of purchase, the voter ballots provided proof of how each person voted. The electronics provided the primary tally, while the paper provided a secondary backup system.

Now we have computers.
Easily hacked & changed.
And no way to undo the hack (no paper trail).