Diebold Voting Systems Grossly Insecure 534
Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'
here we go again (Score:2, Insightful)
Flaws still unfixed after ***5 Years*** (Score:5, Insightful)
'But Douglas W. Jones, an associate professor of computer science at the University of Iowa, said he was shocked to discover flaws cited in Mr. Rubin's paper that he had mentioned to the system's developers about five years ago as a state elections official.
'"To find that such flaws have not been corrected in half a decade is awful," Professor Jones said.'
Well...DUH!!! (Score:2, Insightful)
Re:Does it really matter? (Score:2, Insightful)
and no I'm not a Dem
You didn't read it here first (Score:5, Insightful)
Scottie's Law strikes again (from Star Trek III): "The more they back up the plumbing, the easier it is to stop up the drains." The simpler the voting system (the less mechanical, electronic, electro-mechanical etc. etc.) is the less open it is to fraud (both officially and unofficially perpetrated) or error (both innocent and culpable).
One more reason I'm glad to live in Canada...
Voting problems (Score:2, Insightful)
This is a surprise? (Score:5, Insightful)
At least with the current voting system, while you're there you see everyone being handed 1 ballot, and turning in just 1 ballot. You see the ballot go in the sealed box. There's no secret about what your vote is doing, and no confusion about whether the vote was cast or not, or if anyone is turning in multiple ballots.
Re:Flaws still unfixed after ***5 Years*** (Score:3, Insightful)
Old Saying (Score:5, Insightful)
Some people, in comments widely circulated on the Internet, contend that the company's software has been designed to allow voter fraud. Mr. Rubin called such assertions "ludicrous" and said the software's flaws showed the hallmarks of poor design, not subterfuge.
Re:Ah-ha! (Score:5, Insightful)
Re:Don't you realize that ... (Score:-1, Insightful)
The Supreme court said if you recount ONE COUNTY you must recount ALL OF THEM.
Also, in 5 recounts since 2000 elections BUSH WON THEM ALL.
GET OVER IT.
Re:Well yeah! (Score:4, Insightful)
Well, rigging it in a state in which your brother is governor with a supreme court your daddy appointed should be pretty easy...
DMCA (Score:2, Insightful)
Pure Speculation (Score:3, Insightful)
This sounds like a victory for the 'little guy'... (Score:5, Insightful)
I KNOW I'm paranoid, but still...I like to think long-term.
not exactly a surprise (Score:4, Insightful)
So, does it come as a surprise that companies that can't produce minimally secure ATMs can't produce minimally secure voting machines either? Blaming Floridians for "hanging chads" (talk about a broken user interfaces) clearly was only the beginning.
If we want secure voting machines, ATM manufacturers are the last people to go to because they already have proven to be incapable of handling computer security. The only thing they seem to be able to do is make big, heavy metal boxes and pretend that that constitutes "security".
No, the SC said that ... (Score:2, Insightful)
Scalia logic: No batteries necessary.
Re:not exactly a surprise (Score:4, Insightful)
If the bank thought they could save money by upgrading ATMs, they would do so, and pocket the extra money. Obviously they don't think so.
Re:Just sent this to Congressman Boucher (Score:1, Insightful)
I enjoy and dabble in Open Source, but I'm getting sick of people going out there and making us as annoying as Jehovah's Witnesses.
Is Open Source the issue here? No. Bad voting machines is the issue. Bragging about how you're trying to whore Open Source out to the government...annoying and doesn't impress anyone.
There is no way to do it securily. (Score:5, Insightful)
The only difference is who can commit vote fraud. Now anyone who walks up to the machine can commit vote fraud. Even if all of these bugs fixed, large classes of vote fraud remain. The only difference would be that any random person on the street couldn't cheat. However, any custodian would still be able to re-image the drive. Any programmer at Diebold would be able to embed a trapdoor. In short, anyone with exclusive access to open the machine can cause it to cheat. And this 'best case' is only if they fix all of the bugs.
Thats not a lot better. Even the writers of the paper couldn't make a cheat-proof DRE voting program. If an adversary controls the hardware, they control the software. Fundamentally, any non-trivial computer system is not trustworthy; any system whose security depends on a computer should be transformed where the security no longer depends on the correctness of the computer.
For instance, the only nominally trustworthy computer voting scheme is to have the computer be nothing other than a super-intelligent pencil. The voter uses the computer which prints out a paper ballot. The user observes and confirms the paper ballot is correct, then the ballot is dropped into a box. The computer may record results, but as the computer is untrustworthy, those results are untrustworthy. Now, the security and trustworthyness of the computer doesn't matter.
Every security researcher, including the authors of the paper advocates this scheme, but they are ignored by election officials. This includes the two professors who authored the paper, Peter Neumann, and Douglas Jones from the NY Times article, Rivest---the R in RSA--- and hundreds of others.
See: http://www.verifiedvoting.org/index.asp
This is a secure voting system. Brazil has it (and at a tenth the price). Any system without a printer requires 'trusted hardware' in an adversarial environment. Control the hardware, control the election.
Re:*sigh* (Score:2, Insightful)
Not everyone fits your stereotype.
Re:Don't you realize that ... (Score:2, Insightful)
Voting Machines = easy vote fraud. (Score:5, Insightful)
A paper ballot and a pen is the only form of ballot I trust. And if they don't count the ballots AT THE POLLING PLACE in plain view of the public BEFORE they ship them off to the court house you can't trust the result.
Paper ballot boxes get tampered with all the time. A machine that most people couldn't understand is NOT going to make voting less prone to fraud. If I can't take apart the machanical voting machine to see if it works correctly and I can't look at the code of a computer program and see if it works correctly then why SHOULD I trust it?
We allready had a major election full of obvious vote fraud(On both sides. Bush was just better at it THIS TIME. Gore was just as crooked just not as effective.) Voting machines are just one more way to cloud the issue. A voting shell game run by slick con men.
DEMAND paper ballots! Demand that votes be counted and posted AT THE POLL. Any thing else is a sham!
Re:No, the SC said that ... (Score:2, Insightful)
It's quite scary, also, that this is true. Though if I had been there, I would have had a good laugh at the SC saying that, because the idea is just so damn ridiculous. What's wrong with the citizenry questioning the legitimacy of the election? The people have a right to.
Re:here we go again (Score:3, Insightful)
No win32? (Score:3, Insightful)
I would rather have an open-source app running on a open-source OS.
Re:*sigh* (Score:5, Insightful)
Sorry, but that's bullshit. Have you been unemployeed recently? You are aware that the economy is in one of the worst states it's been in since the Great Depression?
There are many qualified people who have trouble finding jobs.
I know a number of well qualified people in a number of sectors who have trouble finding work. This includes Java engineers with over 6 years java experience, Unix admins with 10+ years experience, telecom folks, production managers, office managers, etc. Most sectors of the economy are suffering.
Finding a job depends on networking-- who do you know that can help you get a job. Technical skills are very secondary.
In the SF Bay Area, we're flirting with a 10% unemployment rate in the tech sector. 25% of residents in the Bay Area have been laid off in the last several years. Average job search lasts 8 months.
That is caused by more then the "java in 21 days" problem that you suggested.
Re:Old Saying (Score:3, Insightful)
It's more than just stupidity; as the article notes, some of these problems have been known -- and left uncorrected -- for five years. It may not yet rise to the level of malice, but it certainly qualifies for utter laziness and gross negligence.
If this were a medical device whose flaws were causing patient deaths and the manufacturer knew about it for five years, stupid would be a rather mild word for the manufacturer.
On the other hand, stupid does at least begin to describe a company like Diebold which is opening itself to the possibility of a class-action suit on a scale that would make the tobacco settlements look like pocket change if it is ever demonstrated that their machines screwed up a presidential election.
Re:not exactly a surprise (Score:5, Insightful)
That is all very true, but that doesn't make it any better. To the bank, an occasional $2000 fraud isn't a big deal--it's a little money added on to some fees, maybe they lose the customer that was defrauded, and putting a secure ATM infrastructure in place would indeed be much more expensive. But to the person losing $2000 and spending hours on the phone trying to get the money back and trying to restore their good name, the loss is much bigger than the financial loss to the bank. That is what makes the bank's attitude so callous. In fact, banks should face stiff penalties when fraud does occur so that their financial objectives are brought in line with the harm they cause; then, they would fix ATMs.
For voting machines, the situation is even worse: there is little or no auditing or verification possible, either for individuals or auditors, and nobody loses money from misregistered votes. So, if the ATM vendors reason the same way for on-line voting as they do for banking, the kind of reasoning you applied, then they really don't care at all about security. And that's just what we are seeing. And that is exactly the reason why ATM vendors are completely unsuitable to handle these things: they have already demonstrated that they will optimize for profit, not for security. For creating on-line voting systems, we need organizations that are dedicated to security, not profit maximization.
Re:Ah-ha! (Score:5, Insightful)
You cannot attach the name of the voter to the ballot and expect free votes.
Re:*sigh* (Score:4, Insightful)
Sure, I know some people (from elsewhere) that got jobs reasonably quick, but that's because they KNEW SOMEONE on the inside, or had some high connections. I'm not being bitter, they've admitted it to me.
*sigh* indeed. There are many, many, many different reasons why someone could be hired over someone else. One such reason is having someone on the inside who can vouch for them. I wouldn't be where I am today if I hadn't done my fair share of "networking" starting back in college. For potentially equally qualified applicants, having someone on your side on the inside counts for an awful lot in most places. And that's just entry level. How do you think people rise to the top.. dumb luck and good resume?
Don't be bitter because someone else is willing the play the game a step further than you are. Step up to it and start networking with people.
Important voting system Q&A: (Score:5, Insightful)
A: The first person that thought they could get away with it.
Re:Here's an article (Score:1, Insightful)
What is troubling is that the voting machine companies are owned and operated by extreme right-wing republicans who have known connections to the national republican party, either directly or through massive money transfers. Does this prove election fraud? No, but only an idiot would say that it's nothing to worry about.
Re:Yay! (Score:3, Insightful)
Nope.
You see, Diebold's customers for ATM machines -- the banks -- have a vested interest in making certain that no money leaves their hands that isn't supposed to. Even their internal practices and procedures assume the employees to be untrustworthy. So the banks obviously gave Diebold a requirements document that ensures that no money leaves an ATM that isn't supposed to.
OTOH, Diebold's customers for voting systems -- the Republicans (yeah, I know, cheap shot, so sue me) -- have a vested interest in keeping their positions of power. Hence, the requirements document Diebold got from them was very likely bereft of any security considerations whatsoever.
Or, to put it another way: "Follow the money."
Schwab
Re:Voting Machines = easy vote fraud. (Score:5, Insightful)
One problem: record low voter turnout. Imagine that you're the only person who can be bothered to vote; do you really want the local election commission knowing how you voted?
OK, granted, that's a silly extreme. However, I live in a state with many counties with tiny populations. I can imagine that the local sheriff is also the election coordinator, and given twenty people in the town with 19 of them at the Blue Party fundraising picnic, I'd hate to have said sheriff know that I was the only one who voted for the Orange Party candidate. Throwing my vote in with the 500 others from the county seems to provide a better measure of anonymity, for better or for worse.
I'm a pretty staunch Republican in a predominantly Republican city. Still, I'd hate to be the sole Communist Party Of America or Green supporter in a small place and be afraid to vote because it could be traced back to me so easily.
Re:Don't you realize that ... (Score:2, Insightful)
This sure sounds like a worthy endevor to me, and certainly something more people in this country should be doing. Bush is a liar, and conservatives are anti-democratic. Anyone who attacks these people who are destroying the constitution and trying to establish some sort of fascist theocracy in this country is doing good work in my opinion.
Scrutineers (Score:4, Insightful)
Here in Canada (and probably most other democracies) we have "scrutineers" so the general public doesn't have to worry about that. Each candidate sends a representative to each polling station to observe and make sure things are handled properly. It is in the candidate's best interests to make sure the other guy doesn't get any unfair advantage, so as long as there is more than one scrutineer and they aren't colluding (which is less likely the more scutineers there are) the system is secure.
Scrutineers are very effective with paper ballots, but only with paper ballots. They are not equipped to verify an electronic voting system. So yeah, demand paper ballots. Anyone promoting electronic voting is promoting the neutralization of a very important election security mechanism.
Re:here we go again (Score:2, Insightful)
Simple Solution (Score:3, Insightful)
When a person votes, the machine should spit out a piece of paper with the voter's choices listed. The voter verifies the paper, then slides the paper into a slot (in much the same way many current voting machines accept the voter card).
In that way, the voting machines can automate the tabulation, and we can avoid any hanging chads; but the paper trail still exists.
Are there any flaws with this?
Sorry, there is only one solution (Score:1, Insightful)
Re:Don't you realize that ... (Score:1, Insightful)
Re:No, the SC said that ... (Score:3, Insightful)
If an election is "too close to call" which means, "within the statistical margin of error" which certainly applied, the issue is supposed to go to the damn legislature, not the supreme court. The executive and legislative branches elect supreme court justices, not the other way around.
Re:FidoNet handled this (Score:1, Insightful)
Example:
A man comes to your house and says "Hello, I am from oranized crime. Vote this way. Show me your password. Okay. I will be back in two weeks for you to prove that you did what I said."
Alternately:
"I will give you five dollars if you vote for me. I will be back in two weeks for you to prove it, and then I will give you the money."
So there you go. This is actually already happening in Italy because people bring in 3G phones with video cameras to prove to organized criminals that they are voting the right way.
Re:DRM to DVM? (Score:1, Insightful)
Think simple...What about vote by mail? (Score:2, Insightful)
Re:Don't you realize that ... (Score:1, Insightful)
Revolutionary != conservative.