Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Government Bug United States News Politics

Open Source Program Reveals Diebold Bug 175

Mitch Trachtenberg writes "Ballot Browser, an open source Python program developed by Mitch Trachtenberg (yours truly) as part of the all-volunteer Humboldt County Election Transparency Project, was instrumental in revealing that Diebold counting software had dropped 197 ballots from Humboldt County, California's official election results. Despite a top-to-bottom review by the California Secretary of State's office, it appears that Diebold had not informed that office of the four-year-old bug. The Transparency Project has sites at humetp.org and http://www.humtp.com." Trachtenberg also points to his blog for the Transparency Project, and his own essay about the discovery and the process that led to it.
This discussion has been archived. No new comments can be posted.

Open Source Program Reveals Diebold Bug

Comments Filter:
  • First Post (Score:5, Funny)

    by Anonymous Coward on Sunday December 14, 2008 @07:27AM (#26110103)

    Hey, Trachtenberg do you have a sister? And was she somehow the key to all of this?

    • Oh cone on mods, that was funny. Haven't you guys ever heard of Harriet the Spy [imdb.com]?

      • Re:First Post (Score:4, Informative)

        by cathector ( 972646 ) on Sunday December 14, 2008 @11:21AM (#26111113)

        on the off chance you're actually after an answer to the question in your .sig, the reason is that irregular forms such as -en simply die out when a generation of speakers rarely hears and uses the past-tense of a particular word, and so when it finally comes time for an individual to use the past-tense and they've never heard it, they just apply the regular rule of adding -ed. so a corollary would be that the past-tense of "prove" is being used less frequently than it was in previous times.

        words and rules [wikipedia.org] by steven pinker is an entire book about irregular verbs, and i believe has a sentence or two about proven/proved. he definitely has many paragraphs, possibly a chapter, on the -en / -ed deal. he also talks a bit about why irregular forms persist over time. he also has some serious pedantic axes to grind.

        • Thanks for the knowledge, even if you got modded "Off Topic". Considering I'm only 25, I find it kind of funny that you say a "generation of speakers". Maybe I'm just getting old before my time...damn kids! ;)

  • by sapphire wyvern ( 1153271 ) on Sunday December 14, 2008 @07:41AM (#26110143)

    It's usually correct to not blame on malice what can be explained by incompetence. But I do find it hard to understand how a seemingly-simple requirement (essentially, count the number of times a button has been pressed) can be so badly botched by a company whose other "secure terminal" products (eg, ATMs) seem trustworthy and reliable, without the implication of a sinister motive.

    • by shaitand ( 626655 ) on Sunday December 14, 2008 @07:51AM (#26110165) Journal

      Someone with 30 minutes of quickbasic experience can write an application that accurately counts button presses.

      The fact that we are being asked to swallow this is disgusting.

      • by Anonymous Coward on Sunday December 14, 2008 @08:24AM (#26110295)

        Don't be a retard. No one with 30 minutes of Quickbasic experience can write an application scanning paper ballots and perform optical recognition on them with any degree of accuracy.

        • by db32 ( 862117 ) on Sunday December 14, 2008 @11:52AM (#26111301) Journal
          Your right. They would say "that's a fucking stupid idea to scan ballots and use OCR to read them and then just rely on the machine when it promises that it got the answer right, at the very least we should be counting button presses".

          Do you hold your ATM pin number up to the screen waiting for it to be scanned or do you punch the buttons...
        • Re: (Score:2, Funny)

          by Anonymous Coward

          Yes, but someone with several years of python experience could do this in less than 30 minutes. Just type import ballot_counter Although in Py3K they've changed the name to ballotCounter, just so you know.

        • Don't be a retard. No one with 30 minutes of Quickbasic experience can write an application scanning paper ballots and perform optical recognition on them with any degree of accuracy.

          And the people who write ATM software didn't do any better.

        • by aliquis ( 678370 )

          Why use OCR when you have a fucking machine in the first place? Poorly implemented and retarded method in that case.

          Unless you will let a human read all the papers anyway what do you need them for? And if you do, why do you want the machine in the first place?

          if anything use buttons and let people "sign" on a touchscreen or something to show that they have accepted the selected option, though just asking if it's right or wrong with appropriate buttons should be enough.

        • Why would you scan paper ballots and perform optical recognition on them instead of counting electronic votes. Either way you are trusting the output of the electronic system. Why bother with a middle man that adds no accountability that saving human readable printouts doesn't give you and introduces complexity and errors?

      • by theaveng ( 1243528 ) on Sunday December 14, 2008 @08:24AM (#26110297)

        If you read the article, they were Not pressing buttons. This was a paper-and-pen method followed by a scanning machine. The scanning machine was dropping ballots for some unknown reason.

      • by Elder Lane Hour ( 1430813 ) on Sunday December 14, 2008 @09:46AM (#26110661)

        The fact that we are being asked to swallow this is disgusting.

        The fact that we're being asked to swallow electronic voting is disgusting. Some things electronics simply don't do well, and one such thing is accountability. We should be demanding accountability. Not just in angry letters to congress-critters, but outside voting booths, to the people who mindlessly register their vote, without any real clue if their vote will count or not.

        • by SleepingWaterBear ( 1152169 ) on Sunday December 14, 2008 @10:08AM (#26110765)

          This is a bit of an overreaction. There's no reason that a properly designed electronic voting system can't achieve greater speed and accuracy while producing a paper trail which allows full accountability. Just have the machine produce a printout which the individual voter can verify, then in case of doubt you can always resort to a manual count. Ultimately electronic voting systems should save time and increase accuracy, and we're going to switch to them.

          The problem here is that the politicians have no idea what a properly designed electronic voting system looks like, and so they just leave it all up to Diebold and the like, who have no real incentive to do things right. What we really need here is a detailed set of specifications for how voting machines ought to perform, and laws that prevent machines which don't meet those specifications from being used in an election.

          • by mrmeval ( 662166 ) <jcmeval.yahoo@com> on Sunday December 14, 2008 @01:12PM (#26111845) Journal

            That's shit. I'll take the ballot I handle and allow it to be scanned. If the count is suspect then the ballots exist outside of some computer generated fantasy and real humans can count them.

            • by SleepingWaterBear ( 1152169 ) on Sunday December 14, 2008 @02:50PM (#26112423)

              That's shit. I'll take the ballot I handle and allow it to be scanned. If the count is suspect then the ballots exist outside of some computer generated fantasy and real humans can count them.

              Well, that's why you have a printout which the voter verifies and essentially acts as your 'ballot'. Then you make sure that in the case of any remotely reasonable doubt you do a hand recount. I know I'm repeating myself, but your response suggests I wasn't clear enough.

              • by laron ( 102608 )

                That should be fairly easy to implement, as you would only need a slightly modified supermarket POS terminal.
                - Press button, machine registers and counts the vote
                - get paper slip (aka ballot)
                - drop ballot in box

                If you ask nicely, you are allowed to re-count the paper ballots if you suspect foul play.

                • by mrmeval ( 662166 )

                  They're printed on heat sensitive paper. So I'll leave all the drempulsocrats ballots somewhere hot but still in the sealed box. Yummy yum Chicago cooking.

                  One must ask why Diebold actively fought implementing a paper trail.

                   

              • by mrmeval ( 662166 )

                The print out the user gets is X and the one the machine stores is whatever fantasy is needed along with the electronic tally.

          • Having a single corporation or institution count the votes is a problem in itself, no matter whether humans or machines read the actual ballots.

            What I really want after I push the button is to immediately get my vote acknowledged by multiple independent (and competing) parties.
            When both the democrat's and the republican counter has acknowledged my vote then I can be fairly sure that any tampering will be detected.

            So how can this work? My idea would be cryptographic signing. Each vote gets a unique number t

            • Re: (Score:3, Insightful)

              by HornWumpus ( 783565 )

              Your union rep wants to see your voting receipt to make sure you voted 'correctly'!

              If that doesn't scare you imagine the same scenario with your boss doing the verification.

              You can't make the system 'voter auditable' without losing the secret ballot.

              Take your idea but don't print the verification number on the ballot. Store it in the voting machine then reconcile the machine records to the central databases at the end of the day as a check. Hackers would have to change multiple systems in synch to ge

              • Well, yes, my proposed system is obviously not perfect, I just think it'd be a step into the right direction.
                I'm not sure I buy into the union rep/boss scenario. That kind of opression would clearly be illegal and I doubt it could
                be pulled off on a large scale without someone reporting that union rep/boss to the authorities.

                Anyways, an interesting (but probably too complicated) variant could also be to combine the vote with a user-chosen pin and duress pin.
                The counter-websites would only return the actual v

                • PS: Thinking about it more, maybe not even *that* complicated after all.
                  The voting machine could indeed just display the list of PINs after the user is done voting.
                  "Pin 1234 for reps", "Pin 1235 for dems" etc.

                • We use the union rep/boss examples because that's what used to happen.
                  Try the same scenario where it's the authorities you mention who want to tell you who to vote for.Just like in many many countries around the world.

                  Anon voting is fairly new and before that it wasn't uncommon for people to be killed/beaten for voting for the "wrong" party.

              • by enoz ( 1181117 )

                You can't make the system 'voter auditable' without losing the secret ballot.

                Oh yes you can [wikipedia.org].

                Punchscan [slashdot.org] has animations and pdfs [punchscan.org] explaining how it could work.

          • Re: (Score:3, Informative)

            by User0x45 ( 530857 )

            Close, but just to be clear.

            > just have the machine produce a printout
            > which the individual voter can verify,
            > then in case of doubt you can always
            > resort to a manual count.

            The DRE interface is good to use in making selections in an election. A machine prints or punches or otherwise indicates the voters intent on a piece of paper (a paper ballot). The voter holds it, looks at it, and confirms it is a proper rendering of their vote. Then they take their paper ballot and walk away from the DRE.

        • Yes, well, my vote counted! That is what the sticker I got after I voted said anyway (no joke).
          • Re: (Score:3, Funny)

            by digitalunity ( 19107 )

            Mine too. After the OCR machine acknowledged my ballot was readable, they gave me a sticker that said "I voted".

            I asked him for a second one and walked around all next day with two "I voted" stickers on.

            Surprisingly, nobody asked me if I voted twice.

            • by whoever57 ( 658626 ) on Sunday December 14, 2008 @12:54PM (#26111723) Journal

              Mine too. After the OCR machine acknowledged my ballot was readable, they gave me a sticker that said "I voted".

              It may well have been readable, but the first articles I saw on this make it clear that being readable is not a guarantee of your vote actually being included in the result.

              The first articles make it clear that votes were counted and then, in some circumstances, From that article: [wired.com]

              The ballots even showed up in preliminary tallies counted on election night on November 4 and in a report printed out on November 23. But some time after this point, the tabulation software inexplicably deleted the ballots without election officials ever knowing.

              Still sure your vote counted?

        • by scribblej ( 195445 ) on Sunday December 14, 2008 @12:36PM (#26111601)

          I program banking systems for a living.

          It's cute that you think "electronics simply don't do [...] accountability." Believe me, I'd be out a job real fast if they didn't.

          The bottom line is, this was handled really, really poorly.

          • Re: (Score:2, Insightful)

            by NotmyNick ( 1089709 )

            I program banking systems for a living.

            It's cute that you think "electronics simply don't do [...] accountability." Believe me, I'd be out a job real fast if they didn't.

            The bottom line is, this was handled really, really poorly

            Or really, really well...

          • Maybe we should turn the design and implementation of an electronic voting system over to people like you, then. Whatever you come up with couldn't possibly be as bad as what Diebold seems to think is acceptable.
        • Re: (Score:3, Insightful)

          by shaitand ( 626655 )

          'The fact that we're being asked to swallow electronic voting is disgusting. Some things electronics simply don't do well, and one such thing is accountability.'

          Paper and electronic systems are equally accountable. The solution is transparency and to combine the two. Count the votes electronically, in real time, on a large publically visible display with a serial number attached to the ballot. You watch your vote be added to the tally. Then you take the human readable, optically scannable printout, again wi

      • by the eric conspiracy ( 20178 ) on Sunday December 14, 2008 @09:57AM (#26110715)

        The fact that we are being asked to swallow this is disgusting.

        Thats what my ex used to say.

    • by eebra82 ( 907996 ) on Sunday December 14, 2008 @08:14AM (#26110257) Homepage

      It's usually correct to not blame on malice what can be explained by incompetence. But I do find it hard to understand how a seemingly-simple requirement (essentially, count the number of times a button has been pressed) can be so badly botched by a company whose other "secure terminal" products (eg, ATMs) seem trustworthy and reliable, without the implication of a sinister motive.

      That's because money is heavily monitored and tracked wherever it goes. Votes are registered and received, but not monitored and traced on two ends.

      • really? so the ATM machine remembers the serial number on each bill it dispenses? they must use massive databases just to keep track of the millions of ATM withdrawals that are made each day, not to mention all the bills already in circulation (16,650,000 $1 bills are printed each day). seems like that would be a heck of a lot harder than tracking electronic ballots cast only once every 4 years.

        votes don't need to be "traced" on two ends. you only need to authenticate (verify the identity of) each voter whe

        • by eebra82 ( 907996 )
          You're missing my entire point, which is that when you (for example) send money to someone, the documents of this transaction is on both ends (the sender and the receiver). Votes basically go one way.

          The point is that there is room for voter frauds simply because of this. If it was a money transaction, it would never work simply because the documentation had to match on both ends.

          Don't dig too deep into my comment, because I was only making an obvious point about why financial security systems are far
    • Re: (Score:3, Interesting)

      by Benfea ( 1365845 )

      I am also a believer in Hanlon's Razor. In fact, I I'll stick with Hanlon on this one and disagree with you.

      When the owner of Diebold boldly promised to "deliver" Ohio to the Republicans (was it in 2004?), I'm pretty sure he was talking about how easy his product is to hack, not about bugs in the software (intentional bugs or otherwise). There is strong circumstantial evidence that Diebold has been involved in intentionally changing the results of elections, but I don't think this particular counting mishap

      • what moron modded this comment a troll? is "-1 Troll" the default mod for "waaahhhh! reality doesn't agree with me!"?

        if you disagree with the views expressed in a comment, the appropriate thing to do is to respond to it (and preferably refute it in mature/rational manner). modding someone down just for disagreeing with you is a sign of intellectual cowardice.

    • by kvezach ( 1199717 ) on Sunday December 14, 2008 @08:27AM (#26110303)
      If anything is simple enough for formal verification to work, yet important enough that formal verification should be used, surely voting machines must be it. Of course, if they're really doing this out of a sinister motive, then (to them) there's no point.
    • Comment removed (Score:5, Informative)

      by account_deleted ( 4530225 ) on Sunday December 14, 2008 @08:28AM (#26110309)
      Comment removed based on user account deletion
      • Re: (Score:2, Interesting)

        All the more reason not to trust even a full blown QA team with our votes.

        • Comment removed based on user account deletion
          • by pbhj ( 607776 )

            The solution is to build a system where you don't have to trust anything (or as little as possible), because it's fault tolerant and has verifiers in place to catch things.

            And the problem with that is that it's supposed to be a secret ballot. I'd like to be able to use an online form with some sort of hash so that I could check my ballot had been recorded correctly. Such a system leaves others open to being pressured into voting in a particular way however.

            You can't have a voter verified system that is also secret (unless you require those who want to secrete their vote to be active in hiding it). So, like you said you have to have some trust involved.

            • by MarkusQ ( 450076 )

              I'd say of the two, secrecy is the less important requirement and if one of them has to be dropped, it should.

              It comes down to a choice between:

              • A system where votes can be stolen one at a time, with the individual voter's full knowledge and participation.
              • A system where votes can be stolen wholesale, with the voters never knowing.

              Which do you suppose would be harder to rig?

              --MarkusQ

            • by dryeo ( 100693 )

              Pretty simple. Computer prints out your ballot. You verify that it is printed correctly. You deposit it in the ballot box. You watch the ballot box along with other interested parties. You watch the ballot boxes seal being broken and the count taking place. You have verified that your ballot along with all other ballots in the box has been counted. You also watch as ballot box is resealed for recount purposes.
              You have a voter verified system with full anonymity.

              • by pbhj ( 607776 )

                You have a voter verified system with full anonymity.

                Sorry I missed the bit where you verified your vote was counted and included in the total .. perhaps you can point it out to me? Or do you mean that each voter follows the box between polling station and counting centre and is able to count the papers for themselves?

                • by dryeo ( 100693 )

                  The polling place is the counting place. When the polls close ballots are counted by the election officials while being witnessed by any interested parties eg representatives of the main political parties and any citizens that wish to watch.
                  Anyways that's how it is done here, (Canada) minus the computer (ballots are simple) and I have a pretty high confidence that my vote is counted. There are still weaknesses in the system like the early votes and absentee votes, still there is usually no questions raised

      • by rs232 ( 849320 ) on Sunday December 14, 2008 @11:28AM (#26111145)
        "it looks like a pretty normal software bug"

        maybe on your planet the ability to count up in single integer increments is considered too esoteric for the average QA team, but here it's something the average IT student can manage ..
      • I've seen far worse things get paste a full blown QA team.

        Or a copy editor ;)

    • Re: (Score:3, Interesting)

      There are a few differences between ATMs and voting machines. First of all, ATMs are used daily, and if there was a bug in an ATM, it would be caught very quickly. Second of all, ATMs can be reflashed using the same connection that they use to contact the bank, so if a bug was found, it could be corrected very fast. Also, a bank has a HUGE financial incentive to test ATMs extensively before putting them in service, so it is unlikely that a bug would make it into the real world.

      In general, it is hard to
      • by rs232 ( 849320 ) on Sunday December 14, 2008 @11:43AM (#26111237)
        "There are a few differences between ATMs and voting machines. First of all, ATMs are used daily, and if there was a bug in an ATM, it would be caught very quickly. Second of all, ATMs can be reflashed using the same connection that they use to contact the bank"

        Firstly, voting machines should be subject to a full stress test before being deployed in a live election. Secondly ATMs can not be remotely 'reflashed', To upgrade required the replacement of the ATM module and the use of an external hand-held unit (plugged into the ATM) and the presence of two bank officials and the use of two unique PINS.
      • There are a few differences between ATMs and voting machines. First of all, ATMs are used daily, and if there was a bug in an ATM, it would be caught very quickly.

        If there's a bug in an ATM, it's caught quickly because there is a second set of accounting in place, not because ATMs are coded to some ridiculous higher standard.

        For example, I've worked at a financial institution before. Some regular network maintenance interrupted the connection between our ATM network and our core host. A customer was using

      • A more fundamental difference between ATM's and voting machines is that in financial transactions, there is always a counterparty who cares about detecting and rectifying the mistake. If the ATM shorts you money, you know immediately, and are going to throw a fit with your bank. If the ATM gives you too much money, the totals aren't going to match and the bank is going to throw a fit tracking down the error.

        The issue with secret ballots is that it's difficult to perform this sort of reconciliation to dete

  • Stalin told us: "It's not who votes. It's who counts the votes," but we NEVER listen to anybody - huh? (Not that I am a fan.)
    • What bothers me more (Score:4, Interesting)

      by WindBourne ( 631190 ) on Sunday December 14, 2008 @09:37AM (#26110623) Journal
      is not that companies like Diebold would be corrupt. It is that BOTH dems and pubs have pushed NOT to have a paper trail. Basically, they claim to have our best interest at heart, and yet, we have the likes of Cheney, Rove, Libbey, Delay, Hastart, Stevens, Jefferson, Blogovitch, Daley (certainly original ) , possibly Jackson Jr, etc, etc, etc. Even now, some dems are pushing for NO punishment for Stevens and others are saying no investigations into all of W's admin hijinks. Makes you wonder who these ppl are really representing.
      • This just in: People look out for their best interests - always. In other news the sky is blue...

        • Re: (Score:3, Insightful)

          by WindBourne ( 631190 )
          Public servants CAN have all's best interest at heart. There are many. I would argue that most state politicians and most civil servants do in fact have just that. Feds are a different matter. They tend towards corruption. This is true everywhere. Heck, just look at EU. Watching the copyright/patent issues being pushed there. Many citizens object to America's INSANE IP policies, and their citizens are fighting them. But their federal politicians and employees are split. A number of their tactics have sugges
          • Public servants CAN have all's best interest at heart. There are many. I would argue that most state politicians and most civil servants do in fact have just that. Feds are a different matter. They tend towards corruption.

            That's so naive I almost feel sorry for you.

            Oh, and get a clue. There's a difference between doing what's in your best interest and being corrupt.

          • Public servants CAN have all's best interest at heart. There are many. I would argue that most state politicians....do in fact have just that.

            Wow. You clearly do not live in California. Perhaps the only state with a state government more corrupt is Illinois. Hopefully in other places it is better, but here the legislature has gerrymandered the voting boundaries so much that it is rare for them to be voted out of office, and corruption is rampant.

      • They're representing the people who got them elected: lobbyists and large campaign contributors.

  • by Raleel ( 30913 ) on Sunday December 14, 2008 @07:57AM (#26110195)

    In testing. You need to be able to verify the testing mechanism. Open Source will win there because of the ability to view and modify the code. Just verify that you are testing with the same stuff that you reviewed.

    • by Hal_Porter ( 817932 ) on Sunday December 14, 2008 @08:02AM (#26110207)

      In testing. You need to be able to verify the testing mechanism. Open Source will win there because of the ability to view and modify the code. Just verify that you are testing with the same stuff that you reviewed.

      Live Free or Diebold!

    • by dissy ( 172727 )

      In testing. You need to be able to verify the testing mechanism. Open Source will win there because of the ability to view and modify the code. Just verify that you are testing with the same stuff that you reviewed.

      While normally you would be correct, open source will only 'win' in the testing department if the goal in the first place was to have functional software that works (as close as possible) to how it claims to work.
      Can you honestly with a straight face say that was Diebolds want/desire at any point during this e-voting scam?

    • Oh bullshit.

      Q & A doesn't exist anywhere else?

      You're argument is elementary and full of crap.

      Sorry, but THAT'S the truth.

      --Toll_Free

    • In any software that is VERY important, "One doesn't test, one proves". When a test succeeds, you have demonstrated that you have found a bug. When testing fails (no bugs were found), you have not indicated that bugs do not exist. More tests only raise our confidence that the software is good. As one of my professors says, "There always is one more bug"

  • Sounds like they used humans to count the vote in reality.

    A very small percentage. Still a concern.

    • Re: (Score:2, Informative)

      by iammani ( 1392285 )

      A very small percentage.

      ... Assuming that there were no further bugs.

    • "Sounds like they used humans to count the vote in reality. A very small percentage. Still a concern"

      No, not 197 out of 64,161, but 197 votes out of a single precinct, and unknown numbers of others as they were never checked.

      "Crnich said she was told that the software begins counting decks of ballots at zero, and that sometimes when a deck is deleted from the machine due to normal complications, the software also deletes the Deck Zero [times-standard.com], which in this case was the vote-by-mail ballots from Precinct 1E-4
  • Kudo's (Score:4, Insightful)

    by stabiesoft ( 733417 ) on Sunday December 14, 2008 @09:19AM (#26110539) Homepage

    To this guy who took it upon himself to provide this check, and kudo's to the supervisor who made it possible. The idea of providing DVD image scans so anyone can verify the vote is genius. I hope other counties start providing real verification like this.

  • "SANE didn't work with the serial number imprinter on our Fujitsu scanner, so I contacted [mitchtrachtenberg.com] [the] "maintainer" of the SANE Fujitsu backend. He was incredible, getting us some initial changes the same day"

    This is what amazes me about Open Source, if you have a problem, you can contact the developers directly, instead of 'Dave' in some call center in Bangalore ..
  • by kingduct ( 144865 ) on Sunday December 14, 2008 @11:32AM (#26111183)

    I have read over and over about unreliable software counting votes. Why not have each vote be counted by two programs? It seems like it would be fairly trivial to have them share the same interface, but the actual methods of counting votes and securing themselves would be completely independent. They would be written by two sources (whether free or not) and then could be used to test each other (in addition of course to humans counting the paper trail the two would print out).

  • I have no issue with a bug making its way through to production.

    I have an enormous issue with Diebold knowing about it for four years and not recalling their machines and finding a fix.

    Criminal charges, surely?

    Justin.

It's been a business doing pleasure with you.

Working...