Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

California to Start Review of Voting Machines

Posted by ScuttleMonkey on Wed May 09, 2007 05:11 PM
from the nitty-gritty dept.
Security Government Politics
An anonymous reader writes "California Secretary of State Debra Bowen just announced details about the previously discussed 'top-to-bottom review' of almost all voting and counting systems used in the state. The team features big names in e-voting security: David Wagner, Matt Bishop, Ed Felten, Matt Blaze, and Harri Hursti, among others. Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections. Scheduled to start next week, the review will include a red-team attack and going through the source code."
+ -
story

Related Stories

[+] Politics: CA Proposes Rigorous Voting Machine Testing 172 comments
christian.einfeldt writes "During her successful campaign for California Secretary of State, newly-minted California Elections Czar Debra Bowen spoke repeatedly of the need to use free open source software in voting machines to ensure the integrity of California's elections. Now that Secretary Bowen is acting on that campaign pledge, closed-source voting machine vendor Diebold worries aloud that rejecting its black-box voting machines could snarl California's elections. Diebold's concerns come at the same time that it is suing Massachusetts for declining to purchase those same voting machines." Quoting: "California's elections chief is proposing the toughest standards for voting systems in the country, so tough that they could [have the result of banishing] ATM-like touch-screen voting machines from the state. For the first time, California is demanding the right to try hacking every voting machine with 'red teams' of computer experts and to study the software inside the machines, line-by-line, for security holes."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

California to Start Review of Voting Machines 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • ...But it's about time that electronic voting machines were beta-tested!
    • The last 2 elections were the beta.

    • Source code and freedom of information? (Score:5, Interesting)

      by Marcion (876801) on Wednesday May 09 2007, @05:37PM (#19059587) Homepage Journal
      Anyone know what the rules for freedom of information apply here? Could these rules be used to examine the source code for flaws?

      • Re: (Score:3, Insightful)

        by Touvan (868256)
        Even if you could review the source code, there would still be no way for you to validate that the machines running on election day, are running code that was compiled from the source code you reviewed.

        In other words, you can't look in the machine as see what it's doing.

        Paper trails are useless, since you can't invoke them unless there is a good enough reason to do so (close enough election usually 1% or so - not a big deal really, just set your machines to steal more than 3%).

        At the end of the day, the onl
      • FOIA requires access to public records. It's possible that source code could be defined as a public "record," though it might be stretching the definition. "Records" are defined as tangible documents, which could certainly include computer files, but it seems to me that the govt would argue that voting documents and results are "records," but source code is part of the process by which the records were created rather than the records themselves. Besides, wouldn't this open up all source code used by fede
        • Even the state vs. federal thing aside (as I suspect these machines are used in states that have similar laws to the FOIA), they are made by contractors, not the government itself, so that's a big sticking point. And then of course you'll have them claiming trade secrets etc etc and everything under the sun they can thing of to avoid opening the code, and it's in no way painless or quick any way you look at it.
        • sorry to respond to my own comment, but I remembered something else. FOIA contains exemptions for trade secrets, which generally applies to confidential financial or commercial information, but there is no doubt that it could apply to source code as well. State FOI laws also most likely contain a similar exemption. You actually want this exemption, of course, so that records related to government contracts or agency oversight are not available to the public (you want business confidence, for example, tha

  • California should use Certified mail. (Score:4, Interesting)

    by Anonymous Coward on Wednesday May 09 2007, @05:27PM (#19059441)
    Ballot materials are "delivered" without proof. Even the moment to cast a ballot should be a postal duty. So-far, they can't say if mail was delivered or not when using the non-stamped commercial mail-meter rate. Every certified mail delivery of a vote from a person should be counted once by the postal Clerk in Record of the Direct Treasury Account. A network would facilitate a real-time audit of the vote; emphasizing between the debt to cast a vote in one's favor in valuation of their debt: a citizen-subject as opposed to a Citizen, not confused with a denizen or a national.

      • one is a receipt for the person to take with them.

        No...

        No...

        NO!

        That would enable vote-selling/blackmail and break the secrecy of the secret ballot. "Bring me your vote for candidate X, and I'll pay you $10!" or "Bring me your vote for candidate X, and your house won't mysteriously burn down tomorrow."

  • Not to sound particularly paranoid, but... (Score:5, Interesting)

    by infestedsenses (699259) on Wednesday May 09 2007, @05:28PM (#19059455) Homepage

    Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections.

    How will the state ensure that these machines will be identical to those used on election day? Will random voting machines be checked with similar precision during the elections, or what guarantee do we have that these machines will not have been tampered with through "enhanced" source code? I had a glimpse at the FAQ but could not find any information on this, perhaps someone has some pointers?

    For this same reason, Consumer Reports and other reviewers buy products anonymously from stores instead of receiving them from vendors, due to previous cases in which the process (such as that intended with the voting machine review) has been taken advantage of.

    • How will the state ensure that these machines will be identical to those used on election day?

      AFAIK, States with electronic voting already have procedures in place to check the integrity of the voting machine software. Though some of these checks happen after the election.

      That's how they've caught Diebold (I don't recall if other companies did the same)doing last minute software updates to correct functionality issues.

      The biggest stick that the States have is that if they catch a company cheating, there are

    • Once the source had been approved once, wouldnt they simply be able to generate a hash out of the entire set of source, AND of the binaries themselves, and simply compare the machines hashes to the evaluated ones periodically?

  • Chuck the Lot (Score:3, Insightful)

    by glomph (2644) on Wednesday May 09 2007, @05:28PM (#19059459) Homepage Journal
    Voting machines provide no advantage, other than obfuscation of possible/probable tampering and errors. Code reviews are a waste of time. Bring back paper. Non-tangible bit-flipping to register votes will never be sufficiently accountable.

    At VERY minimum, institute scantron (filled in boxes on paper) voting.

    • Uh, no. (Score:5, Insightful)

      by raehl (609729) <raehl311@yahoo.MENCKENcom minus author> on Wednesday May 09 2007, @05:37PM (#19059583) Homepage
      Voting machines provide no advantage

      Electronic voting machines are in virtually every way superior to paper voting machines.

      They prevent you from accidentally submitting an invalid ballot.

      They can be updated with a correct ballot much easier than actually printing ballots.

      They can more easily accommodate voting by the disabled.

      They can randomly display the list of candidates, eliminating the 'first ballot position' advantage.

      What does NOT have many advantages, and has several disadvantages, is electronic vote-STORING machines. We definitely don't want any of those. But as long as the voting machine kicks out a voter-readable paper ballot, we don't really even need to know the software it's running. Anything nefarious will be obvious on the ballots.
      • Great. get a SuperMario voting machine, that faithfully spits out the choices you beep-clicked into the blinkie-box. SO WHAT? What actually happens during the aggregation of the voting has no relation to the printout, and cannot be traced. Unless the machine holds an identical, machine-readable printout that you can see, internally. Not bloody likely.

        Too bad for the trees, how about staying away from McDonald's on election day... there's a lot more environmental damage in a meal there, than a sing
        • It's the paper output that is counted.

          If you are willing to accept a scantron with votes as a ballot, there's no logical reason not to accept a sheet printed by an electronic voting machine as a ballot. The only difference is that one is filled out with a pen and one is filled out with a fancy typewriter.
          • Thanks for the clarification.

            Yeah, that's better.

            But I don't see that this is any better than a well-designed Scantron (darken-the-box) paper ballot.

            Just seems like a way to waste money. And I'm sure that visually-impaired types would rather
            handle paper than look at a screen and use a touch screen, or whatever.

              • using a machine AND voter-readable font

                Machine counting of votes is also sketchy. The big controversies in the 2004 election weren't about direct-recording machines, they were about the automated ballot counting machines. Unless you have a policy in place to require that the paper ballots be retained after scanning (rather than being destroyed) and a way to force a manual recount if *anyone* suspects machine tampering, you really haven't gained anything.

                Someone on Slashdot once suggested separating ballot sorting from ballot counting. Put the ballots in a sorting machine and then use a dumb counting machine to count the sorted stacks. That's a much better plan (as long as the counter checks the stack to verify that it's sorted).

        • the obvious solution to me is to use a voting machine to generate the voting record, which is then used to count votes.

          basically, you go in, make your selections on the machine, then when you're done, hit print. out comes 2 copies of your votes, which you can check against what is on screen, then drop one of them in the ballot box and take one home with you. the vote paper would be machine-and-human-readable (ala scantron), allowing for quick tabulation (not as fast as pure electronic voting, but fast eno

          • Re:Uh, no. (Score:5, Insightful)

            by Kandenshi (832555) on Wednesday May 09 2007, @06:10PM (#19059901)
            "The day after the election, you best have a paper record saying you voted for my man Mr. McFakename.
            It wouldd be most ... unfortunate if you were to fall down a flight of stairs repeatedly."

            What I'm subtly alluding to is vote buying/intimidation being possible if you take an official record of your voting behaviours home with you.

      • Re: (Score:3, Informative)

        by jonnybcivics (1100081)
        As someone who's done some academic research on voting technology, I'd like to respond.

        Electronic voting machines are in virtually every way superior to paper voting machines.

        Um...

        They prevent you from accidentally submitting an invalid ballot.

        So do precinct count optical scan ballots (i.e. scantron). The way it goes is that you fill out your ballot and then a poll worker scans it through the machine to make sure you have no overvotes or doodles outside of the designated boxes. If you screwed up, your ballot is destroyed and you get a new one and re-vote. This doesn't happen for central count optical scan ballots (where they box them all up and take t

      • They can be updated with a correct ballot much easier than actually printing ballots.
        Exactly. The ballot you submit can be updated with the "correct" candidate choices right there at the polling place!
    • Paper ballots can be manipulated easily as well. It's just a different set of problems.

      I don't want to waste my time writing down possibilities that are going to be ignored, so anybody who's curious can just use their imagination on how to defraud a paper ballot based system.

      Electronic voting can be secured as much as modern paper ballots - it's not inherently impossible.

      • Re: (Score:3, Interesting)

        by Chandon Seldon (43083)

        Electronic voting can be secured as much as modern paper ballots - it's not inherently impossible.

        Actually, it is inherently impossible for the security properties that matter most for a voting system. Specifically, every voter needs to be able to understand the security of voting process well enough that they can recognize attempts at voting fraud. That's a property that paper ballots that go in ballot boxes can easily have, but is strictly impossible for software installed on a computer.

        Consider a 62 y

    • the problem with paper ballots is the way the US system works and how many choices are made in the voting booth.

      with canadian voting, it works quite fine, as you're only deciding on one person (your MP or MLA, for federal and provincial elections respectively), but when you're deciding on the presidant, the judges, the schoolboard, etc. it gets more than slightly confusing and becomes difficult to keep the ballot to a reasonable size and have it remain usable by the visually impaired.

      though scantron would b

      • Re:Chuck the Lot (Score:4, Insightful)

        by raehl (609729) <raehl311@yahoo.MENCKENcom minus author> on Wednesday May 09 2007, @05:42PM (#19059647) Homepage
        What we have is a case of a good idea implemented very poorly. Honestly something as simple as connecting a drivers license number and name to each ballot would vastly increase accountability and how reviewable an election would be. It's a good idea in need of a huge makeover.

        It would also entirely destroy the concept of an anonymous voting system. One of the important parts of voting is knowing the winning candidate won't be able to track down anyone who didn't vote for them.

        • Re: (Score:3, Insightful)

          by mmurphy000 (556983)

          One of the important parts of voting is knowing the winning candidate won't be able to track down anyone who didn't vote for them.

          To quote from the xDebate wiki [xdebate.org]:

          The "politically incorrect" answer is that society should work on fixing the root causes. Anonymity in elections is primarily an issue because of potential retaliation if somebody doesn't vote as they "should" (e.g., loses job, loses limb). The cost of anonymity in elections is in the social aspects of public participation — without visible

      • Honestly something as simple as connecting a drivers license number and name to each ballot would vastly increase accountability and how reviewable an election would be.

        Wonderful .... yesterday, I read way too many comments here on slashdot about people railing against the idea of a federal, government-mandated ID ..... and now you're thinking that somebody should need a driver's license to vote?

        What the bloody hell does the ability to operate a car legally have to do with somebody's right to vote?

  • When they are used in the 2008 election, will the code they are running match the audited source code?
  • I don't see anything in the reiew draft or FAQ about voter-confirmable human-readable records [scarydevil.com] (paper ballots, tapes, or other human-readable media). If there is a printed human-countable ballot that the voter can visually confirm was correct and saved then the possibility of electronic fraud is minimized.

  • Voting is fun again (Score:4, Informative)

    by Original Replica (908688) on Wednesday May 09 2007, @05:33PM (#19059525) Journal
    Now if we have secure, trustworthy voting (electronic or not) and Maryland's governor gets his way, people might actually feel like their vote means something again.

    Maryland Governor Martin O'Malley signed off on legislation [SB 634 materials] Tuesday that will award Maryland's ten votes in the US Electoral College [NARA materials] to the national popular vote winner in presidential elections, instead of the recipient of the most votes in Maryland. The legislation will only take effect, however, if a majority of the states representing the total 538 electoral votes adopt similar laws. The bill's sponsor, state Senator Jamie Raskin, told AP that the move to a popular vote system "will reawaken politics in every part of the country," even Maryland, a state presidential candidates usually sidestep because of the belief that it will always vote for the Democratic candidate.http://jurist.law.pitt.edu/paperchase/20 07/04/maryland-governor-signs-law-changing.php [pitt.edu]
    • Ok, this is idiotic. Why should a state's electoral vote determination have anything at all to do with voters in other states? This really dilutes Maryland voter's individual input. If this were enacted by everyone, the electoral college would be a unanimous vote. "Winner take all" in a state is better than this, though proportional electoral vote on a per state level is best, IMHO.
      • If this were enacted by everyone, the electoral college would be a unanimous vote that always matched the national popular vote, and would thus not even matter.
  • They won't submit their source code. They've been down that road before, and pulled out of North Carolina.

    Link [eff.org]

    • Re:Diebold won't comply (Score:4, Interesting)

      by koreth (409849) * on Wednesday May 09 2007, @05:43PM (#19059655)

      If they pull out of California because of that, they may as well just quit the election systems game altogether. It's the largest market, and more importantly, when California does significant things, other states very often follow its lead, for better or worse.

      Not, mind you, that I'm saying it's a bad thing for Diebold to get out of the market. (Which it's been reported they're considering doing anyway.) Don't let the door hit your ass on the way out, I say to them.

      • If they pull out of California because of that, they may as well just quit the election systems game altogether.

        Diebold was already decertified in California and sued by the state on charges of fraud. I have heard nothing about recertification since then.

        And yes, they might as well pull out of the election market. Just today I saw "Diebold" written on an ATM, and couldn't help but lose faith in the ATM.

    • Re:Diebold won't comply (Score:5, Informative)

      by OWJones (11633) on Wednesday May 09 2007, @06:27PM (#19060097) Homepage

      As one of the people involved in the crafting of the North Carolina law and supporting Joyce's lawsuit, I can clarify a bit. We suspect Diebold pulled out of North Carolina not because of the source code escrow issues (which they claim to have complied with in Georgia) but because the CEO of each voting company had to sign a legally binding document saying that the source code his company installed on our machines was the same code that would be placed in escrow and provided to the examiners. On the day this document was due Diebold pulled out of the state, sending a "helpful" letter to the State Board of Elections offering to help "reform" our newly-passed law.

      -jdm

  • I appreciate California's effort to verify that their electronic voting machines work. I have developed an economic process for certifying electronic voting machines.

    1) Determine if the voting machine produces a voter-readable, paper ballot.
    2) Determine if this ballot is the OFFICIAL voting record.
    3) If 1 and 2 are true, then the machine is good. If not, it's not.

    There you go. Why do people insist on making easy problems hard?

  • stupid... (Score:4, Insightful)

    by j0nb0y (107699) <jonboy300@[ ]oo.com ['yah' in gap]> on Wednesday May 09 2007, @05:56PM (#19059769) Homepage
    There is no need to see the source code for this software.

    There is only one specification for a secure voting machine, and it is easy to test. There is no need to see the source code. If the machine meets the spec, it is a secure voting machine. Otherwise, it is not, and should not be certified.

    Here is the specification:

    1. The voter votes on the machine.
    2. The machine prints out a ballot.
    3. The voter checks the ballot for accuracy, then deposits it in the ballot box.
    4. Ballots in the box are tallied for the official vote count.

    Simple, easy, secure, reliable, and recountable. There is no need to see any source code.

    A voting machine which doesn't meet this spec is not secure. It doesn't matter how many times you check the source, the machine will still not be secure. An "open source" voting machine which does not meet this spec is not secure. /.ers like to equate secure voting machines with open source. I like open source, but trying to inject it in this issue is foolish. It is irrelevant whether the voting machine uses open source software. Either it meets the spec, or it doesn't.
    • You are right, vieweing software is pointless b/c you never know what is on the machine, but your naive strategy is far from secure.

      You forgot a few key bullets to name a few:

      1a) Only a valid voter may vote

      3a) the ballot matches the vote that is recorded internally and wasn't spoofed to the printer

      4a) the storage method, accounting method, global upload, global tally are all secure

    • Yes. What you say is correct and should be the ultimate test. But seeing the source code is a useful thing to check too. Sometimes source code is of such poor quality that you wouldn't trust it to count your spare change. If this is the case, then it's good to be able to see.

      Also, you might want to check for security problems in the code. Yes, the printed ballot should be checked by the voter before accepting, but not every voter is perfect. It's nice to have multiple levels of error checking for some
      • Even if you have the source, there's no way to certify that it is the same code that will be running on the machine on election day.

        This is just one of the many reasons why it is a complete and utter waste of time to check the source code. Even worse, the source code is a distraction from the real issue, which is security.
        • Even if you have the source, there's no way to certify that it is the same code that will be running on the machine on election day.

          Yes there is. You compile the source yourself and then check the hash of the resulting binary against that in the machine.

          Geez, I thought that slashdot was the home of computer-literate people.
          • It is trivial to write a program that prints out a fake hash.

            Ever heard of a root kit? You can't trust anything displayed on a computer screen.
  • I'm tired of voting machine stories. I don't think anybody is actually doing anything except providing lip service because it's deja vu all over again. I think the term "review" is open to review.

    • Re: (Score:3, Informative)

      by billstewart (78916)
      wikipedia ref on Debra Bowen [wikipedia.org].

      Secretary of State is an elected position in California, and Debra Bowen got elected last November, so she hasn't been in place long. Previously she was in the state assembly and then state senate, where she was one of the influential people on open government, open records, and privacy issues, and made a big issue of doing something about the voting machine problems. I gather there are other issues where some people passionately hate her, but for the most part she's been vie

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.