California Testers Find Flaws In Voting Machines

quanticle writes "According to Ars Technica, California testers have discovered severe flaws in the ES&S voting machines. The paper seals were easily bypassed, and the lock could be picked with a "common office implement". After cracking the physical security of the device, the testers found it simple to reconfigure the BIOS to boot off external media. After booting a version of Linux, they found that critical system files were stored in plain text. They also found that the election management system that initializes the voting machines used unencrypted protocols to transmit the initialization data to the voting machines, allowing for a man-in-the-middle attack. Altogether, it is a troubling report for a company already in hot water for selling uncertified equipment to counties."

WhiteHat Voting

[JavaBear]

I have 2 solutions to all these problems.

1: Do like the rest of the world, and use a HB #2 pencil.

2: EFF and the rest of the American White hats get together and develop an Open Voting system, that are freely implementable by any state, that can withstand public scrutiny and peer review.

Re:

[jacekm]

HB #2 pencile has a serious flaw. It is suspectible to the man in the middle with cheap eraser.

JAM

Re:

[Frnknstn]

The eraser still leaves evidence of the tampering behind, with a slight stain and the indentation on the paper.

Re:

[Storlek]

How can you accurately differentiate this from the voter accidentally filling in the wrong box and erasing it themselves? You're getting into dangling-chad territory here.

Re:

[JavaBear]

How can you accurately differentiate this from the voter accidentally filling in the wrong box and erasing it themselves?

The easy answer, and incidentally the correct one, is: You don't.

If you put your X on the wrong candidate, you exit the booth and get a new ballot, while the old one is ripped in half.

Re:

[bvimo]

In the UK we don't use rubbers, we start again with a virgin sheet.

Re:

[xENoLocO]

If you translate that to american... it's a pretty funny sentence. :)

Re:

[simong]

Certainly in the UK, if you make a mistake, you are supposed to return the incorrect ballot paper to the invigilators who will void it and give you another paper. The voided papers are also accounted for in the count.

Re:

[morgan_greywolf]

My wishlist of features:

• All data is stored encrypted and signed.
• All communications protocols are authenticated, encrypted and signed.
• There are multiple, redundant backups of all data, including a hard copy paper trail that can be authenticated by a unique signature printed on each ballot
• Voting machine is all open source -- no binary-only anything, no exceptions. This includes the OS -- so Linux or *BSD. It also includes the firmware, so something like OpenFirmware or whatever.
• Source and binaries on each ma

Re:

[JavaBear]

# All data is stored encrypted and signed.

All data should be stored in plain text, and signed with multiple hashes, keys and/or ciphers.

# All communications protocols are authenticated, encrypted and signed.

Only to the extend tat no one can say that for instance booth #5 voted on candidate X.

You don't want to shroud the data in mystery or obscurity, merely make them tamper-proof (resistant).

# There are multiple, redundant backups of all data, including a hard copy paper trail that can be authenticated by a

Re:

[Feyr]

[quote]
# All data is stored encrypted and signed.

All data should be stored in plain text, and signed with multiple hashes, keys and/or ciphers.
[/quote]

i think you nailed that one. most people forget that encryption is no good if you already have access to the key, and the software must have the key if it's supposed to make use of the data in the file. thus, a hacker has the key

remember people: signing good. crypting, not so good

Re:

[Phleg]

At the end of the day, this card is bundled with the paper trail, printed throughout the day like the internal tape in a cash register, and finalized with totals and signatures from election officials.

Storage as you describe would allow the order and time of votes to be reconstructed, destroying anonymity.

Re:

[Bearhouse]

In other words, you want commodity software that anyone could easily, and cheaply copy/use.
Great for citizens & taxpayers, not so good for the manufacturers. They might actually have to do real work to demonstrate the added value of machine x against machine y.

So, sorry, it's about as likely to happen as M$ open-sourcing Windows, (although in other news, I hear that they've offered to show the Chinese Gov. ALL of the windows source code in order to ally suspicions of backdoors - probably in fear of the

Re:

[Bearhouse]

Yup - and a fine record they have of doing that, eh?

http://www.youtube.com/watch?v=J6wNyTYzja8 [youtube.com]

Oldie, but goodie

Re:

[JavaBear]

On THAT note.
Elections should be run by competent people, so politicians should really just stay away from the process.

Re:

[Bearhouse]

Totally agree. Shame that all recent attempts to get redistricting out of the hands of gerrymandering politicos got nowhere, as our demcratically-elected** representitives decided that they were better-qualified to draw electoral boundaries than independant experts.

**In November of 2004, 401 of the 435 sitting members of the U.S. House of Representatives sought reelection. Of those 401, all but five were reelected. In other words, incumbents seeking reelection to the House had a better than 99% success rat

Re:

[bhmit1]

Once you have a voter verifiable paper trail the rest becomes redundant. Though having enough security on the machine so you don't have to rely on the paper trail is a good thing.

But honestly, I don't see why the geeks are so upset here. This is our chance to rock the vote, and make sure that our votes actually count... more than once. If the current politicians aren't going to fix the voting machines, then lets flip a few bits, "elect" the EFF into office, and have this, plus copyright, patent, and net

Re:

[caluml]

You've thrown the word encrypted around a lot. I think signing is more important. But how do you ensure voter anonymity, but yet retain a way of checking that the machine hasn't just created 1000000 keypairs, and 1000000 votes, and signed them? Sure, let me generate my own keypair on my Linux, and sign my vote with them (perhaps encrypting with the Voting Authority public key), but that doesn't stop fake votes being introduced into the system, unless I somehow register my public key with the system, thereby

howitzer for flies method

[Anonymous Coward]

..really. computerized voting is not needed, a waste of resources (cash, manufacturing effort, etc, maintenance), inherently insecure (there is no possible way for a set of normal voters eyeballs to verify a count), it allows for the potential for widescale vote tampering,way way beyond any previous efforts where it had to be done precinct by precinct by corrupt individuals en masse, costs bundles of cash compared to paper and an empty box, and already has a track record of being possibly implicated in mass

Re:

[jinxidoru]

My wishlist of features
* tosses out all votes for republicans.

Re:

[pev]

1: Do like the rest of the world, and use a HB #2 pencil.

Hm, I could use an eraser to get around that. Do you realise that if paper was software, we could close down all the producers and distributers of erasers (or probably office equipment in gerneral!) in the states for selling devices for circumnavigating security?

~Pev

Re:

[MtViewGuy]

Much of California votes using mark sense ballots similar to filling out a Scantron sheet when you do your SAT or ACT college entrance exams. While that's a good idea, you do need to consider two things:

1) Make sure you fill out the ballot with a permanent-ink pen--pencil marks can be erased and cause no end of troubles in terms of ballot readability and the potential for ballot fraud.

2) Ballots could end up being tremendously huge in size--when I voted in the 2006 general elections in November 2006 the pap

Better Solution

[protolith]

I have a better solution.
Every voting machine should print out a receipt for the voter with a unique number printed on the receipt that is also associated with the votes cast and retained on the storage card. The vote number can be a combination of the serial number of the voting machine coupled with the date and a simple sequence number (or a function of the sequence number)

The votes collected should then be hosted in an online database that can be searched by the receipt number. This would allow any vo

ATM Machines

[Anonymous Coward]

For the last time - issue a voter card and use the cash machines / ATM machines / or whatever you call it in ur location.

It will even print a receipt.

If it good enough for your money it is good enough for your vote

Re:

[courteaudotbiz]

Hmmmmm... Didn't you hear about debit card frauds?

Re:

[JavaBear]

Now, that begs the question, Are the ATM's good enough for your money? They are after all made by the same companies that can't make voting machines.

And I distinctly recall a past story about a DIEBOLD ATM playing music at some campus...

I just hope DIEBOLD live up their name, and die boldly...

Re:

[Sen.NullProcPntr]

Now, that begs the question, Are the ATM's good enough for your money? They are after all made by the same companies that can't make voting machines.

I have never lost any money due to an ATM. Although banks have.

The problem is that the ATM/Voting Machine manufacturers look at their equipment as only needing protection from the outside. The unwashed masses that use the equipment to get cash or cast a vote can't be trusted at all. The insiders at the bank can be trusted, after all bankers wouldn't steal their own money (in most cases). That trusting of the insider mind set is being transfered to voting machines where the same thing can't be said about

Re:

[sdpuppy]

Perhaps Diebold should go back to what they do best...

... manufacture daisy wheel printers.

:-)

Re:ATM Machines

[oliverthered]

but the problem is you can tell who voted for who and that's bad.

Re:

[rucs_hack]

but the problem is you can tell who voted for who and that's bad.

Only for the people who don't vote the way you want. It would only take a couple of elections and you could make them all go away anyway.

See? Nice and tidy :-)

Re:

[apt142]

And your finger prints aren't all over the card that you turn in currently?

If the ATM had a firmware upgrade that reported a hash of your bank account number with the vote, that would be sufficient to verify uniqueness and avoid double voting. And it wouldn't be traceable. The only problem I have is that the banks would be facilitating this. I'd have a hard time letting a company, who's main goal is to make money, get involved in the voting process.

Re:

[Bent Mind]

According to Donald Kerr, a deputy director of national intelligence, privacy no longer can mean anonymity [slashdot.org].

Re:

[porpnorber]

People always worry about the loss of the secret ballot in electronically verifiable schemes, and I don't get it. The voter registration service mails you two random numbers (which include some checksum mechanism against typos, of course). You enter one of them. Voter identity and voter preference can be completely segregated. What's the difficulty?

You can even check that the counting mechanism is being applied correctly by issuing 'probe votes'. These are additional pseudo-voters, indistinguishable at the

Re:

[igb]

``The voter registration service mails you two random numbers (which include some checksum mechanism against typos, of course). You enter one of them. Voter identity and voter preference can be completely segregated. What's the difficulty?''

How do you demonstrate that at the end of the election you aren't going to join the tables together and print a list of who voted for whom?

Re:

[porpnorber]

One of the tables you plan to join should not exist. Voter registration passes to vote counting the list of 'red' numbers and the list of 'blue' numbers, but no record is kept of who gets which number. Yes, ensuring that there are no side channels requires auditing the process, as do some parts of any electoral mechanism, but at considerably less effort than, say, thwarting conventional distributed ballot-stuffing attacks.

Re:

[tacet]

oh really? http://http//it.slashdot.org/article.pl?sid=06/09/25/1919256/ [http]

Re:

[pikine]

Then can you please tell Bank of America not to install any more Diebold ATM machines?

Re:

[Anonymous Psychopath]

All the ATM manufacturers run WinXP these days, anyway. It'll come off like a troll, but we didn't have these types problems with ATMs back when they all ran OS/2. Fugly but effective.

Re:

[hey!]

Well, the worst thing that happens when the bad guys tamper with an ATM is the bank is out a few thousand dollars.

The worst thing that happens when bad guys tamper with a voting machine is that you lose control of the country. That's worth a lot more than all the cash in all the ATMs in the country.

So, a voting machine must be much more secure than an ATM, which typically is not particularly secure (and it doesn't matter).

Re:

[igb]

``If it good enough for your money it is good enough for your vote''

But it isn't my money: it's the bank's. If they install a system that leaks money, they have an incentive to fix it (money). If they install a system that leaks money against my name, legislation is in place (although not as strong as it should be) to pass the risk back to the bank. In a voting system, the people operating the election have no incentive to fix anything.

Moreover, an ATM is designed to tie you to the transaction as cle

"common office implement"

[jolyonr]

Do they really think this sounds more impressive than "paperclip" ?

Jolyon

Re:

[Torodung]

In a security situation, despite how obvious this was, it's important not to spill the beans on exactly how it was done.

It's the difference between, "can be hacked with a few lines of Perl," and listing the script out so that any script kiddie can do it.

There may be states with laws and certifications processes not as stringent as California still using these devices. Best not to tell everyone precisely how to break into them. I hope other states will insist that their machines be retooled, but that might d

Re:

[oahazmatt]

Do they really think this sounds more impressive than "paperclip" ?

Because it's obligatory:

"Hi! Looks like you're trying to right the election! Need some help?"

Re:

[jddj]

Might've been "a ballpoint pen" [wired.com]

Re:

[jolyonr]

Could well be!

In which case, that would probably work on the UK's previous stock of nuclear weapons too.

See:

http://news.bbc.co.uk/1/hi/programmes/newsnight/7097101.stm [bbc.co.uk]

Why are we still allowed to buy these dangerous biros?

Jolyon

Paper please!

[courteaudotbiz]

I'm sure it's hard to hack a sheet of paper and a cardboard box. Please, leave democracy "unhackable", because where there's no paper for voting, there's no hard proof that you really did it...

Re:

[DeeQ]

Even with paper there would be problems. For instance I took the SATS. SAT board lose my scores and say I never took them. Grats? (Although this is partially my fault for losing my recipt but thats not the point in making the connection) Human error will still happen.

Re:

[Richy_T]

We'd have a better government if whoever loses becomes president :)

Rich

Let's do it like the ancient Greeks ...

[Ihlosi]

I'm sure it's hard to hack a sheet of paper and a cardboard box. Please, leave democracy "unhackable", because where there's no paper for voting, there's no hard proof that you really did it...

... and scratch our votes into shards of pottery. How's that for hard proof ?

Alternatively, just use a whole brick.

Re:

[Notquitecajun]

Actually, there are problems there as well. Illinois in the Kennedy/Nixon race. LBJ in Texas. Louisiana in...well, pick a year. Gerrymandering/re-districting. Keeping the electoral college/getting rid of the electoral college. Nothing is, has been, or will be perfect with the vote...we just have to continue to hold people accountable and try and make it as publicly accessible while keeping the ballot secret. I'm pretty far-right, but I think at the LEAST there should be limited open-source scrutiny o

Re:

[MtViewGuy]

Oh, yes you certainly can "hack" a paper ballot--remember the 2000 Florida voting fiasco?

I would go with mark-sense ballots filled out in permanent ink. Reasons are simple: 1) mark-sense ballots are easily readable in both machine and hand counts and 2) filling out in permanent ink means positive proof of the vote, which avoids the issue of pencil marks on a ballot being erased, which can cause problems with unreadable ballots and possible ballot fraud.

How much more does it take?

[Opportunist]

Those machines have been proven time and again that they're insecure, not reliable and that it takes special knowledge to even start verifying their results. Now we add ease of manipulation to the fold.

How much more does it take to see that it is a BAD idea?

Yes, paper voting is costy. But we're not talking something where cost is the deciding factor. Democracy is about two things: People participating in the government of their country, and people trusting the government of their country. In a democracy, people have (ok, should have) a say in their country's behaviour. And this in turn should give them a feeling of belonging, they should feel their country takes them serious and as more than just peons who can be ordered around, because they chose their government themselves. This usually means more trust and faith in their rulers, because they themselves chose them (not some divine right to rule or military force, they installed their government).

Especially the latter part is at risk. If you cannot easily debunk any claims of voting fraud, because the means to vote offer themselves for easy manipulation, you open your country for claims of illegal manipulations that cannot be disproved. You destroy the faith people have in their country and the support. Not that it was really necessary these days, people already started losing faith in the democratic process and democracy altogether. But this has the potential to be the last straw.

Cost is not an argument when it comes to voting. If you want people to support the government as wanted by the majority, you have to make sure that it will be seen as the will of the majority. If fraud is easy, dissenting people will always claim foul play and you will not have any chance to call them bad losers. You can't prove them wrong, quite the opposite, we have seen now time and again that they have every reason to be suspicious.

Re:

[tjstork]

Those machines have been proven time and again that they're insecure, not reliable and that it takes special knowledge to even start verifying their results. Now we add ease of manipulation to the fold

The problem is, a lot of people don't trust the human counters.

Re:

[Opportunist]

So you don't believe our count? No problem at all. Here's the ballot, count as much as you like.

See? Easy to shoot down any claims of voting fraud. You can count, you can read, you can verify the voting count.

Now please tell me how I, common man, aged past 30 and let's assume I'm not an IT expert, should verify some "count" done by a voting machine.

REALLY open the voting...

[zippthorne]

Every vote is assigned to an ID. Not your ID, but a relatively random numerical one. When the voting is done, the entire votes database is made available on DVD (or whatever medium is appropriate to storing 300 million records. I wouldn't expect much space at all, I'd bet the IDs take up more space than the actual data.

Then independent organizations can tally the votes themselves and verify that the election was on the up and up. They can also allow people to check their votes in the database to verify individually that the database itself is correct. Assuming the database has been distributed in whole to all of the various organizations, mis-votes should be easy enough to discover.

Then it only remains that you need to protect people's anonymity. A ticket that can be used to verify an individual vote on behalf of a person can also be used to verify that vote to the satisfaction of a vote-buying machine (or worse.)

A solution is to obscure the information by giving each voter not one, but a list of ID numbers and told which one is theirs privately. That way, nefarious organizations wouldn't be able reliably say they've been given the correct number, which should kill their scheme. It's not a perfect solution, though, and I can already see flaws in it, but that just means it needs a bit more work before it's ready for prime time.

Re:

[Opportunist]

The whole procedure still requires me to believe that every vote punched into the machine was counted, and counted correctly. When I already doubt the machine and its ability to assign votes actually to where they were meant to go, it's moot. What you suggest is akin to someone counting the votes and then handing me a list telling me that vote number 10 voted for party A. Do I trust that person? No.

In a pen/paper voting process, I have the exactly same item in my hands at counting time that the person votin

Re:

[zippthorne]

The entire list of votes should be published in multiple locations. Then, you can go to any of these locations and verify that your vote is correctly recorded. Copy holders, which could be anyone who can afford the print cost since the data is anonymized, would be able to compare their copies of the lists to make sure that they did, in fact, receive identical copies.

Everyone need not check their vote from multiple copies, but the copies should be ubiquitous enough that they have plenty of opportunity to i

Re:

[Selfbain]

To tamper with millions of paper ballots would require a massive conspiracy. To tamper with electronic voting machines, apparently all you need is a 16 year old kid and a computer.

Re:

[Opportunist]

It's similar here. The counting takes place in the largest hall in town (or district, depending on the amount of votes), a few policement in case someone tries something funny (the duty is usually very popular, since all you gotta do is stand around and get paid for it), one delegate from every major party and whoever wants to watch the whole procedure.

Re:

[CastrTroy]

That's why with paper voting they have other people watching the counters and verifying their results. People from all interested parties can easily watch what's going on, to make sure everything is on the up-and-up. The same can't be said for machine, as it's really hard to verify that a machine is counting correctly.

Re:

[CastrTroy]

How is paper voting any more expensive than machine assisted voting? From my understanding, it's extremely cheap.

Re:

[Opportunist]

Well, you need a lot of people every time, and it usually takes some time to count all the votes. But yes, considering the price of those voting machines (and probably the contracts attached to them), paper voting could be a whole lot cheaper, too.

But like I said, money is no issue in this case. Democracy may cost a little. I'm willing to pay my taxes for that.

Re:

[Hotawa Hawk-eye]

How much more does it take to see that it is a BAD idea?

I think we're only going to see people turn against electronic voting machines that do not have a paper trail once someone manipulates a vote using those machines so far that it's impossible to ignore. If, for instance, ALL the votes in the state of California (over 50 electoral votes -- I believe 271 or thereabouts gets you the White House) were changed to vote for CowboyNeal, that would be a situation that couldn't be ignored. The major news organ

Re:

[Opportunist]

Oh c'mon, you should know better than that. The outcome would be a manhunt for the bastard who dared to attack democracy and the American way of life, he would be caught and turned into a terrorist. Then we'd hear that the hole he used was plugged (whether or not it was, who cares) and the voting machines get back to work.

Re:

[porpnorber]

The trouble is, we live in a world where the resources of the adversaries of the electoral system seem to be immense. It appears to be feasible for them to 'buy' (or in any case control) significant numbers of the polling stations, and to manipulate their procedures on a grand scale. As such, an electronic voting system that worked would be a big help: it would make verifiability a centralised problem that organisations with some clout could get involved with. To put is differently, we are currently allowin

Re:

[Opportunist]

What would keep a fraudster from adding more numbers to the system and having those phantoms cast votes in favor of his candidate?

Re:

[porpnorber]

That's a problem with all voting systems, indeed all government. Which citizens, in fact, exist, and therefore have rights? I tend to favour secure centrally administered ID schemes in which there's a trusted token associated with each person, but one that can manage multiple logical personae; but clearly that's also a politically hot question. But in any case, I think we need to separate voter enumeration from voting per se (indeed, that's exactly the point of secret ballot).

This begs the question

[oliverthered]

Does it make paperclips and Linux illegal in Germany now that they can be used for hacking?

Re:

[matt me]

Does it make paperclips and Linux illegal in Germany now that they can be used for hacking?

Shit, are you an insider? How else would know that the "common office implement" in question are papercl*ps?

And then what?

[InvisblePinkUnicorn]

Authorities will start cracking down on the creators of vi for releasing software capable of hacking the electoral process.

Whats the point of e-voting

[gmthor]

I believe the most important thing about e-voting is that you can't pic up a random person from the street, explain him how it works, and after it ask him if the process of voting was done correctly. Paper voting on the other side is so easy that manipulation is easy to realize. I mean the only point of e-voting is that some poor government officials can go home earlier. I want Democracy for everybody.

Re:

[Twisted Willie]

The point of e-voting is to remove human error (in all shapes and forms) from the counting process. Assuming that at one point the electronic voting machines can be made secure enough, it's a much better way of getting accurate numbers than by paper voting.

Re:Whats the point of e-voting

[Firethorn]

electronic voting machines can be made secure enough

That's currently the big if right now. It's just not transparent enough, and it's like all the companies building machines forgot completely about security; substituting a little theater instead. In addition, I don't like how a single machine or media failure can take out all of a machine's votes for the election. Two or three of those can throw elections today.

In addition, most of the advocates of paper voting have been talking about optical scan ballots. This opens up recounts to multiple solutions - Company X's scanner, Company Y's scanner, verified by hand if deemed necessary.

I am not one of those who believe that hand counting is automatically the most accurate - but optical scanning is old tech at this point, very accurate, and most importantly - auditable.

Secure and accurate Voting is always going to be complicated and tough - especially when you figure that you normally have at least two parties with people willing to cheat, who may be in the system.

N-Version Scanning

[natoochtoniket]

If we standardize the format of the paper ballots and the marking devices (say, #2 pencil), then multiple parties can independently develop optical scanners for that ballot format. If each political party provides its own scanner, and each of those scanners is used to scan the ballots, and if all of them agree on a count, then we can be pretty sure that the count is accurate.

An additional level of verification is possible if some of the scanning devices capture the image of each page into a file. A fil

Don't kid yourself...

[fahrbot-bot]

I mean the only point of e-voting is that some poor government officials can go home earlier.

...there's more money to be made than with paper and pencil voting. Producing cheap, insecure machines without a paper trail increases companies' profit margins. Lawmakers have be lax and slow to respond, probably because their hands are so comfortable in those companies' pockets. Obviously, the only ones who care are "some" of the voters. Hopefully, that will become "most".

I, for one, like seeing my vote on hardcopy.

Re:Whats the point of e-voting

[Opportunist]

That is exactly the problem with e-voting: You have to trust.

With normal pen-and-paper voting, all skill you need is being able to count and discriminate between various candidates being chosing on the paper. You don't believe my count? You think I'm trying to fix elections? Here's the ballot, count for yourself.

With e-voting, you face a problem. You need very special skills to actually conduct a recount (if it is possible at all). Don't believe me that I'm not trying to fix elections in my favor? Sucks to be you if you don't happen to have the skills.

Re:

[Opportunist]

Well, the problem of ticking off people who didn't come and toss a vote for "their" candidate has been eliminated quite efficiently here: Every party has the right to put a representative into the voting comittee to sit there and watch out that nobody does something like that.

And if you're not at home, you can't vote. Period. You have to vote where you're registered. If you have no chance to vote at home, there are various options available to you. If you're abroad, you can have an official voting card sent

Re:

[CastrTroy]

Exactly. I'm a software developer. Most people would say I'm a pretty smart guy. However, it would still take me a lot of research to be able to verify that an electronic voting system is even secure. If I could verify it at all. And still when I walk up to the machine on voting day, it would be impossible for me to verify that the machine was running the correct software, unmodified hardware, and was actually doing what the original design said, and not something else.

Re:

[Rob the Bold]

Paper voting on the other side is so easy that manipulation is easy to realize.

Not to be pedantic, but the system in question does use paper (just not easily human readable). People mark machine readable paper ballots, and the PBC can be used to check the ballot before they turn it in to ensure that it is not over- or under-voted, etc. From the description of how they are using the PBCs, it sounds like they are trying to avoid some of the kinds of problems reported in Florida 2000, by letting a voter s

Re:

[oliphaunt]

I mean the only point of e-voting is that some poor government officials can go home earlier.

You're far too kind. The only point of e-voting is to allow Republicans to steal elections that they could not win legitimately.

Re:

[porpnorber]

E-voting is only hard to understand if you don't choose the right protocol. Actually, the internal details of how paper votes are manipulated are pretty arcane; it's only at the 'count the tokens' level of abstraction it seems easy. So—make sure your electronic voting scheme has a 'count the tokens' layer, already!

Sounds good!

[4D6963]

The paper seals were easily bypassed, and the lock could be picked with a "common office implement". After cracking the physical security of the device, the testers found it simple to reconfigure the BIOS to boot off external media. After booting a version of Linux, they found that critical system files were stored in plain text. They also found that the election management system that initializes the voting machines used unencrypted protocols to transmit the initialization data to the voting machines, all

common office implement

[Threni]

What, a service pack?

Translation...

[daninspokane]

"Common office implement" AKA: Paper clip and some whiteout I hear Richard Dean Anderson was on the testing team, so really, that's their own fault.

Paper Seals = DoS?

[kieran]

If the machines have paper seals in an accessible place, then you could very easily DOS the vote of a district that is known to be unfavourable to you simply by slicing the seal with your thumbnail, without ever having to hack the machine at all!

Re:

[Rob the Bold]

If the machines have paper seals in an accessible place, then you could very easily DOS the vote of a district that is known to be unfavourable to you simply by slicing the seal with your thumbnail, without ever having to hack the machine at all!

That's true, but anything accessible to the public could be potentially vandalized. At least the jurisdiction in question is using the PBCs to let the voters check their ballots, and not necessarily for counting the precinct results. If the machine were vandaliz

Criminal organizations

[paulproteus]

If I defrauded a state and sold it uncertified voting equipment, I'd be in jail.

Why isn't this organization, which has clearly committed a criminal act, in jail?

What's next?

[InvisblePinkUnicorn]

Next authorities will be cracking down on the creators of vi for releasing software capable of hacking the electoral process.

Ban all paper clips

[flyingfsck]

Well, obviously the solution is to ban all 'common office implements' since they constitute 'anti-circumvention devices'... sigh...

Moving into the electronic age...

[doit3d]

...can be a good thing, but this really concerns me. I'm all for changing with the times, don't get me wrong. I just feel that electronic and software items which play such a critical role in the much corrupt political system we have today do need more oversight from public entities, not private companies or political agencies. I feel we are far from where we need to be for electronic voting in the US to be reliable or trustworthy. I do have hope that it can be an option in the future though.

I opt to kill a few trees to retain the paper method for now. I was forced to use an electronic voting machine (Diebold) in my district during the last local election in my state. I will not be using one regardless come the next election. Anyone can manipulate the machine behind the privacy fence surrounding the machine, without anyone knowing about it. Who is to say it cannot be tampered with even before the people are given access to the machine to cast their vote. I do not feel comfortable using an electronic voting device at this time.

I am almost 100% convinced that major elections do not matter anymore in this country in this day and age. The rich, and the corrupt have a strangle hold on our government and the media. Just look at the biased mass media coverage that is happening today. It is as if the media has already made the decisions for us about the elections, and those who own the media have very powerful ties to the government. There are no real debates between candidates, but they are still called debates. There are no tough questions, and there are no truthful straight forward consistent answers but from a couple of candidates, which are silenced and kept from the publics knowledge by powerful people whom are in control. I do have some hope, but it is fading fast.

I honestly feel that there will be another civil war in this country if things continue the way they are. It will not be the Whites against the Blacks, against the Hispanics, etc... It will be the poor against the rich. You know where the corporations and the corrupt politicians will stand when this happens. Change takes ballots or bullets. Sooner or later people will be tired of trying to make change peacefully with ballots.

It may not happen in my lifetime, but I think it will happen sooner than anyone thinks if the current path is followed. All it will take is someone high up in the military to finally get fed up with the corruption to take the action of cleaning house. We have already seen first hand the dissent in the military ranks all the way to the top. Several generals have peacefully resigned/retired and spoken in protest to the insane, illogical decisions made by the current administration and the path it has taken us down. Sooner or later someone with a bigger set of balls will do something about it if this continues.

It would not be a good thing to have this happen, but if things continue the way they are I would sadly be in support of it. It would be a rough road, but change is needed in a bad way. We are currently on a path of assured economic destruction, which will have effects far and wide around the world. We should learn from the past history of other, once large and powerful Republics. It seems to me that we are doomed to repeat history unless there is change.

I hold the hope though, that this vast information highway called the internet will tip the field in the favor of the people in due time. The option to see and read more news from many sources, rather than the few sources force fed to the masses controlled by the powerful and corrupt few. The internet has broadened my view of things. This too may not happen in my lifetime, but I hold hope that it will foster a peaceful change in time.

I hope for a peaceful change, but I am very afraid of what could and might happen.

Are voting machines worse than ATMs?

[dpbsmith]

I'm very curious to know. Are the vendors of voting machines just cynical, and believe that nobody really cares about security and that they can pull the wool over the eyes of the people who make the buying decisions?

Or do they find that the people who buying voting machines are equally cynical, and really just want cheapjack machines, paying only lip service to protecting the public that uses them?

Or, if the truth were known, are ATM machines really just as bad?

(Anyone know what the relative cost is? Judgi

Re:

[doom]

dpbsmith wrote:

I'm very curious to know. Are the vendors of voting machines just cynical, and believe that nobody really cares about security and that they can pull the wool over the eyes of the people who make the buying decisions?

Well, you're asking for speculation about motives (essentially you're asking the "malice or ignorance?" question), which makes it difficult to say anything with any certainty, but the major voting machine companies are run by people with personal connections to each other,

Easily explained to Congressmen and the Media

[smchris]

Those were _HACKERS_! They booted a linux CD!

How about this for a ballot?

[thirty-seven]

How about a ballot like this [elections.ca], marked with a pencil? And after you mark it, you fold it and present it to a poll worker, who looks at the folded ballot and verifies there is only one, valid ballot and initials it, then hands it back to you and you put it in a simple cardboard ballot box [elections.ca]. The votes are counted at each polling place by the poll workers, and representatives of each candidate can observe, and it is open to public observation. Is this just too simple?

Who Cares?

[AK Marc]

Electronic voting machines don't have to be secure at all. If they make a paper trail, you can hack every single one of them and not affect the outcome of the election. The push for "more secure" eelctronic voting systems is completely missing the point. Using electronic voting should be required. They have options not available to paper voting. And, yes, electronic voting is more reliable (even if every single machine is hacked) than paper voting (presuming it isn't a DOS, in which case paper can be u

If you bypass physical security, it's all over

[mdvolm]

The first round of tests focused on the physical security of the Polling Ballot Counter (PBC), which the Red Team researchers were able to circumvent with little effort. "In the physical security testing, the wire- and tamper-proof paper seals were easily removed without damage to the seals using simple household chemicals and tools and could be replaced without detection," the report says. "Once the seals are bypassed, simple tools or easy modifications to simple tools could be used to access the computer and its components. The key lock for the Transfer Device was unlocked using a common office item without the special 'key' and the seal removed."

You can stop reading the article here. Once physical security has been breached it's all over. With the machine open, you now have complete control over it, even to the point of changing out the hardware. This also applies to any machine that handles money, including ATM's.

All the software security measures in the world won't protect you if physical security is breached. So, if the physical security of a voting machine cannot be maintained at least as well as an ATM, or better yet a slot machine in a casino (constant surveillance), then using the voting machine in the first place is NOT secure.

Re:

[mdvolm]

And I should have added "... regardless of what software is running on the machine or what security measures said software has implemented." to the end of the previous comment.

They don't even try, do they?

[Jesus_666]

Seriously, how can someone implement electronic voting without making at least EAL5 for all involved components as well as for the system as a whole a mandatory requirement? (I'd demand EAL6, but let's stay somewhat realistic.) If I'd be the lawmaker, I'd be pretty paranoid about e-voting; I'd let at least three reknowned e-security experts draft up lists of requirements independently of each other and then combine them together in the most restrictive way possible. Encrypted transmissions, encrypted file s

Re:

[deniable]

Um, #|brain>mouth ?

Let me tell you about our recent federal election. We had two pieces of paper to fill out. I marked them with a pencil and placed them in boxes being watched by multiple election officials. These boxes are then transported to a central location by multiple officials. Each ballot is then counted with officials from each party watching. We had a result by midnight and nobody is crying foul.

How is this less secure?

Re:

[MLease]

It's true that this is the way it's happened in the past, and probably continues to happen now. However, it's a lot harder to produce massive fraud this way than it is using a technological approach. What you describe is a retail version of vote fraud; the technological approach is a wholesale version. One person can affect many more votes by hacking the machines than by usurping the votes of legitimate voters who didn't show, and the more people you have involved in a conspiracy, the greater likelihood