California Testers Find Flaws In Voting Machines 167
quanticle writes "According to Ars Technica, California testers have discovered severe flaws in the ES&S voting machines. The paper seals were easily bypassed, and the lock could be picked with a "common office implement". After cracking the physical security of the device, the testers found it simple to reconfigure the BIOS to boot off external media. After booting a version of Linux, they found that critical system files were stored in plain text. They also found that the election management system that initializes the voting machines used unencrypted protocols to transmit the initialization data to the voting machines, allowing for a man-in-the-middle attack. Altogether, it is a troubling report for a company already in hot water for selling uncertified equipment to counties."
ATM Machines (Score:4, Interesting)
It will even print a receipt.
If it good enough for your money it is good enough for your vote
Don't kid yourself... (Score:4, Interesting)
I, for one, like seeing my vote on hardcopy.
Re:Paper please! (Score:1, Interesting)
I say we should have an arena and fight to the death, whoever wins becomes president.
"Two men, hand to hand.
No jury, no appeal, no parole...
Two men enter, one man leaves."
Re:WhiteHat Voting (Score:3, Interesting)
All in all, I want a machine that is custom-configured for electronic voting and locked down so tight the NSA would have trouble getting in.
Re:Whats the point of e-voting (Score:5, Interesting)
That's currently the big if right now. It's just not transparent enough, and it's like all the companies building machines forgot completely about security; substituting a little theater instead. In addition, I don't like how a single machine or media failure can take out all of a machine's votes for the election. Two or three of those can throw elections today.
In addition, most of the advocates of paper voting have been talking about optical scan ballots. This opens up recounts to multiple solutions - Company X's scanner, Company Y's scanner, verified by hand if deemed necessary.
I am not one of those who believe that hand counting is automatically the most accurate - but optical scanning is old tech at this point, very accurate, and most importantly - auditable.
Secure and accurate Voting is always going to be complicated and tough - especially when you figure that you normally have at least two parties with people willing to cheat, who may be in the system.
Re:WhiteHat Voting (Score:2, Interesting)
All data should be stored in plain text, and signed with multiple hashes, keys and/or ciphers.
# All communications protocols are authenticated, encrypted and signed.
Only to the extend tat no one can say that for instance booth #5 voted on candidate X.
You don't want to shroud the data in mystery or obscurity, merely make them tamper-proof (resistant).
# There are multiple, redundant backups of all data, including a hard copy paper trail that can be authenticated by a unique signature printed on each ballot
Partially.
Use memory cards. The cards should be one-time use WORM memory. They contain the voting setup, in for instance XML. When the voting machine is initialized, the card is tagged with machine ID, timestamp, election official and authorization information, along with machine and software version keys. This should render the WORM card unreadable in any other machine. A crash and/or power outage should be recorded to the memory card if possible, and the machine should be reset using a new memory card, or the machine detects that the card is indeed it's own, and insert a new initialization header, preserving the original data.
During voting, each vote is written to the card, tagged with some sort of security and padded to a fixed length.
At the end of the day, this card is bundled with the paper trail, printed throughout the day like the internal tape in a cash register, and finalized with totals and signatures from election officials.
After the election, the card content must be dumped to an official and freely accessible server along with a scanned version of the paper tape.
Re:WhiteHat Voting (Score:3, Interesting)
But honestly, I don't see why the geeks are so upset here. This is our chance to rock the vote, and make sure that our votes actually count... more than once. If the current politicians aren't going to fix the voting machines, then lets flip a few bits, "elect" the EFF into office, and have this, plus copyright, patent, and net neutrality issues solved in one quick term.
Moving into the electronic age... (Score:3, Interesting)
I opt to kill a few trees to retain the paper method for now. I was forced to use an electronic voting machine (Diebold) in my district during the last local election in my state. I will not be using one regardless come the next election. Anyone can manipulate the machine behind the privacy fence surrounding the machine, without anyone knowing about it. Who is to say it cannot be tampered with even before the people are given access to the machine to cast their vote. I do not feel comfortable using an electronic voting device at this time.
I am almost 100% convinced that major elections do not matter anymore in this country in this day and age. The rich, and the corrupt have a strangle hold on our government and the media. Just look at the biased mass media coverage that is happening today. It is as if the media has already made the decisions for us about the elections, and those who own the media have very powerful ties to the government. There are no real debates between candidates, but they are still called debates. There are no tough questions, and there are no truthful straight forward consistent answers but from a couple of candidates, which are silenced and kept from the publics knowledge by powerful people whom are in control. I do have some hope, but it is fading fast.
I honestly feel that there will be another civil war in this country if things continue the way they are. It will not be the Whites against the Blacks, against the Hispanics, etc... It will be the poor against the rich. You know where the corporations and the corrupt politicians will stand when this happens. Change takes ballots or bullets. Sooner or later people will be tired of trying to make change peacefully with ballots.
It may not happen in my lifetime, but I think it will happen sooner than anyone thinks if the current path is followed. All it will take is someone high up in the military to finally get fed up with the corruption to take the action of cleaning house. We have already seen first hand the dissent in the military ranks all the way to the top. Several generals have peacefully resigned/retired and spoken in protest to the insane, illogical decisions made by the current administration and the path it has taken us down. Sooner or later someone with a bigger set of balls will do something about it if this continues.
It would not be a good thing to have this happen, but if things continue the way they are I would sadly be in support of it. It would be a rough road, but change is needed in a bad way. We are currently on a path of assured economic destruction, which will have effects far and wide around the world. We should learn from the past history of other, once large and powerful Republics. It seems to me that we are doomed to repeat history unless there is change.
I hold the hope though, that this vast information highway called the internet will tip the field in the favor of the people in due time. The option to see and read more news from many sources, rather than the few sources force fed to the masses controlled by the powerful and corrupt few. The internet has broadened my view of things. This too may not happen in my lifetime, but I hold hope that it will foster a peaceful change in time.
I hope for a peaceful change, but I am very afraid of what could and might happen.
REALLY open the voting... (Score:4, Interesting)
Then independent organizations can tally the votes themselves and verify that the election was on the up and up. They can also allow people to check their votes in the database to verify individually that the database itself is correct. Assuming the database has been distributed in whole to all of the various organizations, mis-votes should be easy enough to discover.
Then it only remains that you need to protect people's anonymity. A ticket that can be used to verify an individual vote on behalf of a person can also be used to verify that vote to the satisfaction of a vote-buying machine (or worse.)
A solution is to obscure the information by giving each voter not one, but a list of ID numbers and told which one is theirs privately. That way, nefarious organizations wouldn't be able reliably say they've been given the correct number, which should kill their scheme. It's not a perfect solution, though, and I can already see flaws in it, but that just means it needs a bit more work before it's ready for prime time.