Electronic Voting Machine Cracker Challenge

An anonymous reader writes "In the ongoing debate on the security of electronic voting, an Atlanta area programmer has confronted Georgia election officials on the potential for fraud in its statewide electronic voting system. She claims that she can be prepared to crack the system within a week, and officials have accepted the challenge." What makes this even more interesting is that the election officials are encouraging the woman, so that any possible exploit can be found and remedied.

This is VERY true

[WilliamsDA]

The Diebold system does have major flaws. I was just at the Crypto2003 conference where one of the talks was on the faults in this system. Amongst other things, when they pointed out the major errors in code, the company replied back calling DES (or DSA, I forget) a compression scheme, and they implemented an algorithm from Handbook of Applied Crypto for purposes of encryption with a value listed in the book that says explicitly "Do not use this for cryptographic purposes"

Re:This is VERY true

[cpeikert]

and they implemented an algorithm from Handbook of Applied Crypto for purposes of encryption with a value listed in the book that says explicitly "Do not use this for cryptographic purposes"

It was actually worse than this -- they used a Linear Congruential Generator, which is a very cheap method of generating "random" numbers. Those numbers might work well for simulations, but for cryptography they're totally predictable once you've seen just a couple of output values. Cryptography relies upon the unpredictability of random numbers for security, so LCGs should never be used for that purpose.

At Least

[dolo666]

This is a change from the Kevin Mitnick days when ppl would be incarcerated for even *thinking* about cracking a gov system.

Mad props to Georgia for being cool about this.

Re:At Least

[rblancarte]

Hell, you would think that Georgia (and any other state) would have a "Hack the System" type contest. Considering what this is being used for, finding and, more importantly, fixing all the flaws should be of high importance.

Re:At Least

[kableh]

Then again... I see this almost as a copout. If government is to be truely transparent, if the encryption scheme is truely unbreakable, then the machine's code should be open source and subject to public scrutiny.

Of course, there is always a large gap between my ideals and reality =D. This just happens to be one instance where I can see how RMS has it right in ways.

Re:At Least

[drinkypoo]

RMS has lots of good ideas. The problem is that he has a tendency to treat all of the ideas as an unbreakable package, which means that people will tend to throw his baby out with his bathwater.

Erk, that just caused me to have a horrible thought, what would his kids be like...

Re:At Least

[rblancarte]

Well, someone has started an open source project on this:
EVM Project [sourceforge.net]
so maybe your are onto something here. I can really see the benefits of this project. Free, open source, anyone can look into the code and see the problems and fix them. It is a solid idea.

Re:At Least

[sapped]

Hell, you would think that Georgia (and any other state) would have a "Hack the System" type contest.

This is what they were planning on before this woman came and upset their plans. The "Hack the System" contest was scheduled for... let's check the calendar here...hmm found it, next election date. Yes, that's the "Hack the System" date.

Re:At LeastA better challenge

[Stephen Samuel]

A better challenge would be to put together a prototype system with an easter egg for munching the results, and then challenge the electoral people to find the easter egg. -- just to prove how hard that is to do without the source and a paper trail.

The difference is....

[Brian_Ellenberger]

The difference is that she didn't try to hack it first. She made a challenge and they accepted. This is how normal society acts. Hackers have made a bad name for themselves by doing things without other people's knowledge or permission---often to show off their "superior skills". Hackers may feel this is no big deal or some sort of "good work", but normal people feel very threatened and violated. Hence people like Mitnick go to jail.

If Mitnick had asked and recieved permission like this woman, there would have been no problems.

Brian Ellenberger

Re:The difference is....

[Morosoph]

The difference is that she didn't try to hack it first. She made a challenge and they accepted. This is how normal society acts.

Although this is true, it is by making the 'normal' universal that we oppress. Arrogance on the part of those running the vulnerable system is in fact likely to both make them sloppy, and take those who would crack their system to court. We need to protect the messenger so that people focus upon securing the system against attacks, rather than their ego.
I am not claiming

SCO Voting

[McBride, Darl]

SCO's Intellectual Property and Trade Secrets are embedded within the Georgia voting system, and my lawyers assure me that this programmer will be vehemently prosecuted under the full extent of Georgia Law if this "crack" attempt is successful.

The Plan

[imbaczek]

1. Accept the challenge.
2. Make her win.
3. Fix holes.
4. Put her to jail on DMCA basis, or Patriot Act, or for desire to live and love for the country, or whatever.
5. ???
6. PROFIT!!!

(Hope #4 won't happen.)

Reasoning?

[Meffan]

Moreover, they said, paper ballots can be tampered with more easily than electronic ones, and they're harder to tabulate.

Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

Nice comeback at the end -
Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?"

I think I'd counter that by asking if he knew of any airplane where all members of the general public were allowed access to the terminals used by the pilots? And if so - does he fly with them?

Re:Reasoning?

[Anonymous Coward]

Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?"

Maybe no one has pointed this out to Williams, but pilots are still trained to fly by instrumentation for this very reason; the computers are not completely reliable and the plane has to be safe even if the computer crashes.

Even NASA have procedures for restarting flight computers for crying out loud!

Paper AND Computers

[The Monster]

We changed our voting a few years back from the old mechanical lever system to one where you get a sheet of paper and a Sharpie to fill in the oval for the candidates/issues. Then you walk over to the scanner (with your ballot inside a cardboard sleeve to keep people from seeing it) and feed it through yourself. This arrangement has several advantages over the old one:

1. More people can fill out their ballots at once. Instead of being limited to the number of machines for your precinct (we have consolidated 4 precincts into a single location now) you are only limited by the number of lightweight, cheap carrels that shield your ballot from prying eyes. (If those are all full, and you want to fill it out in the open, that doesn't disqualify your vote.)
2. Absentee voters can recieve a ballot exactly like the one they would vote on normally (since no special equipment is required to do the voting) which can be held until election day and counted with the rest.
3. When the polls close at 7PM, the scanner can dial up and transmit all the totals instantly, and we have an accurate count within minutes.
4. If something goes wrong with the scanner, we can insert our paper ballots into a locked ballot box, which can then be opened for scanning (along with the ones that already went through the scanner into a lockbox) when the scanner is repaired or replaced, or the entire box taken downtown to be scanned there.
5. All the ballots can be taken down to the courthouse and run through several different scanners to confirm they all give the same totals.
6. Who is this 'Chad'? If a hand recount is ordered, we have solid pieces of paper and don't have the spectacle of judges holding them up to the light to try to devine the voters' intent. White paper. Red oval. Black marker. Not much room for argument there.
7. We can run random audits of just one or two polling places, and even limit it to just one question on the ballot - do a hand count and see if the numbers agree with the ones sent from that scanner. Since the software authors can't possibly know which one would be audited, they wouldn't be able to cheat even if they wanted to.

Re:Paper AND Computers

[NortWind]

We also use this system, except we complete an arrow with a black marker instead of filling in an oval. An additional good feature of the system (your system may have this as well) is that if you have voted incorrectly (two choices made for prez, or whatever) the scanner machine spits it back at you, uncounted, as invalid. You can fix it and submit a valid vote. No invalid votes ever make it into the counting box

I don't think our machines actually tally the cards, they just validate them, I think the c

Re:About chads

[Geek of Tech]

I know everyone is convinced that chads are the work of the devil, and caused all the problems in the 200 election, but I have to say that everyone is wrong.

I'm sorry, I'm not that old. How were the 200 elections? =p

Re:Reasoning?

[ant_slayer]

Moreover, they said, paper ballots can be tampered with more easily than electronic ones, and they're harder to tabulate.

Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

Interestingly enough, I was challenged on the idea of electronic cash when I was making a very similar argument. After researching some of the various cryptographic schemes for electronic cash, I came to the conclusion that if some of them wer

Re:Reasoning?

[doorbot.com]

Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

Well here in San Francisco, quite a few boxes of ballots regarding the 49ers new stadium ended up in the Pacific Ocean. While electronic voting definitely has it's potentials for misuse and voter fraud, there are a variety of other tactics available to criminals.

With that said, I do believe an open system, with a yearly code review (by different programmers each year)

Re:Reasoning?

[danila]

Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

Depends on your definition of "easy to tamper with". Apparently, it's easier to change a single paper ballot than a single electronic ballot, but once you can change one electronic ballot, you probably can just as easily change them all, which is not true for paper.

So while the expected number of tampered ballots might be similar (I am not saying it is), electronic ma

Why electronic voting ?

[Krapangor]

I most European countries people use pen & paper voting.
And unlike the US there was never a Florida voting scam.
And paper is much more immune to fraud: the election sheets are stored for a certain time, so any questions and be sorted out by a recount without any paper pebbles dropping from the holes. And if a fraudelent government wants to pull off a voting scam they have either to forge election sheets, which would be noted afterwards, or they have to destroy sheets, which would be noted, too.

So why use a high-tech solution which isn't immune to fraud and other problems instead of a low-tech solution which hasn't these problems ?

Re:Why electronic voting ?

[gilroy]

Blockquoth the poster:

And unlike the US there was never a Florida voting scam.

While as disgusted by the whole Florida debacle as any freedom-loving person would be, I have to say: Until the last presidential election, the US hadn't had a Florida-sized failure, either. In other words, Europe might be doing it right or they might have just been luckier.

Re:Why electronic voting ?

[rusty0101]

While I agree that there are flaws with going to an electronic ballot, there are several advantages over paper ballots.

As an example I live in a voting district that Senetor Wellstone represented. As a result of his plane crash and death two weeks before the general election Voting involved suplementary ballots for the senate seat he had been running for. The paper ballots had already been printed as the normal date for candidates to declare had already passed. Suplementary ballots had to be printed when Mondale ran as the party candidate replacement for Wellstone.

An electronic voting system would have mearly required a change to the template each voting machine used for the election.

Other advantages include faster reporting of vote counts. Though this can normaly be handled by an electronic counter for paper ballots (using the filled oval method)

One method of making a paper count possible with an electronic ballot system would be to print a paper copy of the selections made by the voter, and have the voter initial that the copy is what they chose, which then gets filed. It could be as simple as a table of offices with the selected candidate. A large number of ballots with the same initials would be a flag for concern as it may show an election official is not following the accepted procedure. Initials would not be generally traceable back to the person who made that mark.

A series of numbers at the top or bottom of the page, or as an additional table entry would provide a machine readable version of the selection. I don't know of any election official who would relish the thought of going through 10,000 or 100,000 (or more) ballots and reading off each name.

Then again, that's just my view.

-Rusty

Re:Why electronic voting ?

[TheLink]

Uh, why not just have an announcement that a candidate is dead?

If people still insist on voting for someone who is dead, let em.

Re:Why electronic voting ?

[ceejayoz]

Read his post again, slowly.

Suplementary ballots had to be printed when Mondale ran as the party candidate replacement for Wellstone.

They needed to replace the dead guy's name with the new candidate, not just remove him from the ballot.

Re:Why electronic voting ?

[tsa]

Maybe a voting machine that produces a roll of paper with all the votes written on it close to each other (like the machines they use in stores, which I don't know the English name for, but you get a small paper receipt that shows how much you paid) is in order. The counting of the votes goes very quickly with the computer and in case of doubt there is this long slip of paper that is difficult to tamper with if the right ink is used.

Re:Why electronic voting ?

[Austerity Empowers]

The words you're looking for are "cash register", and I think this is a good idea. Better, if before leaving the voting booth you can verify that what is on that piece of paper reflects what you voted for. Keep it behind a pane of glass so that one can't actually MARK it, but at least see it.

I'd feel more comfortable about electronic ballots if I knew there was a paper trail. No one will ever convince me that any electronic system is secure and unhackable, it's too easy to twiddle some bits. I'd feel bette

Re:Why electronic voting ?

[tsa]

Thanks for improving my English. What I forgot to write (but most people will see that right away) is that this system is difficult to tamper with because all votes are on the same piece of paper so no votes can be easily added or removed.

Paper more immune to fraud?

[Shivetya]

Sorry to burst your bubble, but paper voting is rife with fraud, that is one of the major reasons it took so long to rid many of it.

Going to digital introduced a whole new system, whereby the exploiters of the previous lost their investment and are forced to start again.

Voter authentication needs to be taken further with the requirement of a picture ID, as it stands now, many dead vote on paper ballots, and many votes that are for one party or another are either lost or damaged so as to become invalid.

If Florida proved anything, it proved just how dangerous paper ballots were, and even how more dangerous subsequent handling of them was. Seems to me many stories of how the same box of ballots yieleded different results depending on who looked at them!!! How is that not an easier source of fraud? Especially when people start introducting "interpetation of intent" into the mix!

Sorry, digital voting will one day be the only true way to avoid fraudelent voting, however for that to come about we will had to shed some of our mickey mouse vanities. Something must be done to not only protect our vote from a fraud at the machine but to protect our vote from fraudelent voters (ie, the dead, the multi-voters, etc)

Re:Paper more immune to fraud?

[RayBender]

The comment above is not insightful. The only way to avoid fraud in the voting process is to have it as open and transparent as possible. Who do you want counting your votes, some judge who you can sit and watch, or some black box that was programmed in secret by some guy, and who won't show the source code (and even if he did, how do you ensure that was the code run on the machine)? Paper ballots may have issues, but the one advantage of the pen-and-paper approach is that any reasonable person can look at

Re:Why electronic voting ?

[drinkypoo]

However what you are ignoring is that there were TWO Florida issues which caused the whole thing to be classified as a "scam" and even "debacle" - Not only were the ballots (deliberately?) confusing, but then when the vaunted recount was being done, it was illegally stopped by a relative of the candidate in question.

Using an electronic system would have made a recount unnecessary, but the question is, can you stuff it? I think it's clear that the system must be free and open source software in order to en

Re:Why electronic voting ?

[dsnowak]

Ever looked at a ballot for a U.S. general election? We don't just vote for President and Congressman in an election. Depending on the timetable for the state in question, on a general election ballot, an American is often voting for President, Congressional Representative, and Senator on the Federal level; Governor, Lieutenant Governor, Attorney General, Secretary of the State, Agriculture Commissioner, State Treasurer, State Supreme Court Justices, State Delegate and State Senator on the state level; Ma

Re:Why electronic voting ?

[Anonymous Coward]

I live in Leon County, the capital county of Florida, and the epicenter of the last big (thank you California) voting scam.

In our county, we use paper ballots which are scanned by an optical scanning system. As far as I can tell, it's the current appropriate technology for this function.

Here are the positives:

1. You only require one (or a few for a big precinct) piece of equipment per polling place instead of a computer for each voting booth.

2. When the votes are entered into the optical scanner (by

Re:Why electronic voting ?

[gl4ss]

no.

doesn't really matter either.

does it matter if it is succsefully done in a population of 10 million or 100million? it scales pretty consistently(the voting system), unless you want to outsource it to someone who will do it most cheapest(and so don't have to rely on volunteers and activists doing the grunt work, using a system like the system in florida is just laziness or lack of effort, or the determination to have both.)

if a system is good enough to get election night returns on population of 25 mil

Re:Why electronic voting ?

[delphi125]

>Does everyone in the entire EU vote for a new president/prime minister/leader at the exact same time? To the second? or to the femtosecond? Seriously: many countries in the EU are significantly bigger than Florida - where I doubt the voting times were the same as say New Hampshire, or California. And the system in the US is based on this last item, as everyone is well aware.

Re:Why electronic voting ?

[imsabbel]

Here in germany, the votes are counted in small "wahlbezirken", each of them with a few 1000 votes. The results are transmitted to a central station, the papers are secured.
At the last election, 30+million people voted. After 3 hours, the results were aproximated +-2%, after 7hours the official end result was presented.

It's a win-win (then lose) situation!

[Phantasmo]

She cracks it, reveals the expoit to them, they thank her, put fixing it on a "to do list", then knock her into prison with the mighty DMCA!

I can already hear the local news station:
"Computer hackers are trying to steal your votes! Politicans are asking that if you know ANYONE who both likes computers and is interested in voting that you report them to the police immediately. Film at eleven."

(then lose (then win again)))

[rde]

I'll probably turn out okay for her. Remember: the last time anyone was found to have rigged an election, you made him president.

Re:(then lose (then win again)))

[AntiOrganic]

I sure didn't make him President.

doh

[Anonymous Coward]

God, this is stupid....

Instead of doing such a media hype just open the source code for the public and let about 10'000 people have a look at it.

Idiots.

Re:doh

[Anonymous Coward]

They did, by accident, months ago, by having the full source code (tar of the CVS repository, actually!) available on an open FTP site.

Whoops!

I browsed through it myself a while ago, the smartcard portion was epecially weak -- it'd take two minutes to write an "Administrator" card (passwords and card-reader keys were in plaintext in the code!) that'd allow all sorts of goofiness.

I just have to say...

[p3d0]

Please mod parent up, and mod this down. Thankyou.

Re:doh

[Slack3r78]

I'm glad someone else brought this up so I didn't have to. If there was ever an application that needed to be open source, this is it. There's simply too much at stake and too much of a chance for shady manipulation if our voting system was to suddenly become a mystical blackbox where no one really knew what was going on inside.

The only way to disprove any kind of impropriety in an electronic voting system would be to make the internal workings freely viewable to anyone, anywhere. Not only would there be concerned "Citzen Hackers" checking the code, but I'm sure it'd open up a whole field of university level research. And honestly, I'd far rather my tax dollars go to research grants where an open system can be checked and improved than to a private company which may or may not have an agenda that I don't know about.

Reply: doh, ... But ...

[OldHawk777]

But, but, but, ... how does that help GW or his brother next time, the Bush, Kennedy, or any other USA political dynasty [AKA: USA Aristocracy]. Politics in America has become "pomp & circumstance"..."Dog and Pony" shows for the media to market fools or criminals to an almost illiterate (the majority/51%) public. As in "Being There" I enjoy watching (it is funny ... a joke) not participating in politics, it just reminds me to much of rape ... nothing to enjoy and everything to object too.

OldHawk777

Rea

Re:doh

[EvilSporkMan]

Who says the code they show us is the code that's running on the voting machines?

Re:doh

[Verteiron]

Yes, because to compound this, you just KNOW that the media is going to be doing a follow-up at the end of the week's time. If she hasn't cracked it in a week, the media will rave about how secure the system must be, etc etc etc. If she cracks it the next day after that, we won't hear a peep about it.

Not that this whole deal is going to make the slightest bit of difference; if she does crack it, the people behind the system will just say "Well, that's irrelevant, because in the real world, a person wouldn'

prove

[Gorny]

Please will at least everyone keep in mind that when she wont succeed in cracking the machine that doesn't prove it's security.

You can't prove a product is secure, only showing that it's insecure...

Re:prove

[alfredo]

It's going to be her and several other programmers. they have had the source code for months, and know what the problem is. the machines run windows and Access.

blackbox Voting [blackboxvoting.org]

Re:prove

[GoofyBoy]

I don't get the point of this either.

She cracks it, they fix it and then declare its all fixed now.

She doesn't crack it, they declare its ok.

Even if she does crack it, they can just claim that they did detect it ("its super-duper-secret code, too bad you tripped it") and call her attempt a failure.

This doesn't look like a serious test, but a media relations stunt.

Re:prove

[Gorny]

What if no-one finds a flaw? Everybody claims (or at least the dudes who've created the machine) the voting mechanism is secure. But you cant say that. The only thing you can conclude is that there were no flaws found.

If someone would find a flaw he/she would have showed an absence of security in the product. But when he/she didn't find flaws that doesnt necessarily mean the product is secure.

Unrealistic trial

[blair1q]

One cracker?

Try everyone in the state if you want a real test.

Re:Unrealistic trial

[myyrk]

I don't think even 1/2 of Georgia state can use a computer, much less be a cracker.

Thats where your wrong, because they are all crackers.

The Odds

[CGP314]

He put the odds of corrupting the software undetected at 1 billion to one.

If you make a statement like that you are asking for trouble. It's like walking into a bar and saying 'No one here could win in a fight with me.'

Re:The Odds

[SuiteSisterMary]

I think it's Australia, especially the rural/outback areas, where if, in a bar, you empty your glass, turn it over, and thunk it down on the bar/your table, that's *exactly* what you're saying.

Why not open the challenge to all?

[mikeophile]

If I was to don the tinfoil hat for a bit, I'd say the only reason the dare was so readily accepted by election officials was to stage the illusion of security and uncrackability.

Of course, this is assuming Ms Jekot fails to find weaknesses in the voting system.

Even if she does find exploitable flaws, will she find all of them? Probably not, in my opinion.

Am I being cynical and paranoid? Hell yes.

Be interesting to see

[jamesjw]

It'll be interesting to see what kind of feedback this generates, I mean, if the cantidates dont like their outcome in future elections they can say "Well, a hacker musta changed my tally"

While i'm sure the intentions are good, i'm just a little unsure about what kind of picture this paints, especially with the DMCA in the US, legally shaky? maybe..

-- Jim.

Who do you trust?

[Herrieman]

Although it's good to have an independant security audit of the hardware/software, it's still a far cry from what I would call development of a secure system.

Did an independant auditor (or security specialist) audit the design - both hardware and software - from a security point of view? Where there independant audits/reviews of the coding or assembly of the hardware? Can you trust the developers or factory workers? Who is monitoring the deployment, development, good working, ...? What are the logging/auding possibilities? How secure is the data transmitted? How secure is that data stored?

Who will monitor the people who are in charge of the system?

Ultimately, you have to trust someone. And putting trust in the wrong kind of people is the biggest security risk there is ...

Way to go Roxanne and Georgia ...!

[OldHawk777]

Bravo Roxanne - Technology and Cultural Wisdom and Enlightenment being displayed in a Southern State "Georgia". Dang, what in the world will happen in Mississippi and/or Alabama next. I may just move back down south when I retire, maybe they ain't the evil dumb (white and black) bigots I remember from my childhood anymore.
That this forward thinking behavior is happening in the USA is a surprise, but that it is happening in a Southern State (not at fed-level), a Woman made the challenge, and a predomin

Re:Way to go Roxanne and Georgia ...!

[Daniel Dvorkin]

Of course Southern culture has changed over the last 30 years; so has Northern culture and Western culture -- they've all become more like each other than they used to be. Thanks to a number of factors (the universality of TV shows and popular music, increased geographical mobility, and yes, damn it, the Net chief among them) the US, like most First World nations, is a lot more homogenous than it used to be; and in fact the same phenomenon is occurring between nations as well as within them. Whether this

Bubba Notes

[Arbogast_II]

That was a practical and honest solution to the percieved problems with the voting machines.

Also, I noticed a tidal shift in which American states were now most enlightened this winter, when talking to a California Cousin, he noted that at least his governor kept the power on. Seeing as keeping the power on is a GIVEN down South, I started wondering which states were truly the most advanced in US.

This is a hoax

[DarkAurora]

This is obviously a hoax. Everyone knows that there are no women in computer science. :)

I've been in college for a few years and I haven't seen a women since I stopped taking Gen. Ed. classes.

Re:This is a hoax

[Daniel Dvorkin]

Then all I can say is, you're at the wrong school. My undergrad CS courses were nearly 50% female; in the grad courses it's more like 30%, but there's still plenty of eye candy. Hint: try an urban commuter campus that caters more to working adults.

Re:This is a hoax

[Dark Lord Seth]

Aha! There you are wrong! I happen to know a grand total of... Three women doing IT in the same college as me, possibly four! (Don't ask.) Now, one of those is only still at college because she begged her way through, one of them isn't the brightest nor most active person around (Which makes her the PERFECT Windows sysadmin manager!) and the latter one is a combo between a raver, a goth and er.. something tiny. But she's clever and she talks more then I do. Not to mention she's going for the whole software

Re:This is a hoax

[panurge]

Rear Admiral Grace Hopper, author of Cobol.

Remember, those who know no history are doomed to repeat it. You, my friend, are therefore doomed to reinvent Cobol.

I *STILL* can't believe

[ajs318]

that the companies that manufacture voting machines are not mandated to publish full specifications including technical drawings and listings of firmware, for anyone to look at, any time, for free. It's like they are trying to say mere mortals are not supposed to know the processes by which their representatives are elected.

And don't give me the hand-wringing "important proprietary secrets" crap. Firstly, all companies would be required to show their "secrets", so nobody would be gaining any unfair advantage. Secondly, what the hell is so secret about adding up a bunch of numbers anyway? And thirdly, what corporate secret is more important than the due processes of democracy?

If these companies are not prepared to let the general public - who are, after all, the rightful owners of "Government" property - scrutinise their products, thenthat alone is a good enough reason why the public should reject their products.

Re:I *STILL* can't believe

[jgardn]

Hear, hear!

Only through open processes can a democracy or a democratic republic be maintained. How would you feel if any of these processes were closed and not a matter of public records:

- Lawmaking
- Budget writing
- Judicial Hearings

If our election process becomes secret in any way shape or form, then our democracy is doomed. Elections are the key to our government, and the second the people believe that their vote isn't counted, then our nation will fail. I believe Republicans, Democrats, and most

Roxanne?

[ergonal]

Roxanne Jekot, a 51-year-old computer program developer from Cumming

Roxanne, you don't have to put on the red light :(

the state is so worried that they

[alfredo]

have destroyed the record of the 2002 election, in defiance of federal law. they have stated that the election went smoothly.

Right before the election, an uncertified patch was installed to all the voting machines in Georgia. There were some stunning upsets in the race. Saxby Chambliss and Sonny Perdue won in dramatic, come from behind fashion.

the Libertarian party candidate has issued a formal request for the voting records, the ones that have been destroyed.

Re:the state is so worried that they

[Slack3r78]

How was Sonny Perdue a come from behind victory? While I'm definitely liberal-leaning, (although an elected Georgia Democrat is essentially a Republican in other parts of the nation :)) there's no way I would've voted for Barnes in the last election. Where Barnes screwed up was in education. He made totally unrealistic mandates without funding soon after he came into office. Georgia school districts are STILL hurting from this, even though it's been what, 4+ years since then? You may not realize it, but tea

Re:the state is so worried that they

[gilroy]

Blockquoth the poster:

The Libertarian party candidate has issued a formal request for the voting records, the ones that have been destroyed.

Um, doesn't that mean they'll have to wait until someone invents a time machine?

Re:the state is so worried that they

[Ian Bicking]

They also strangely stopped exit polls part way through, even though exit polls would have been an important measure of voter intention, and a significant discrepency between poll results and votes tallied would be evidence of fraud or misinterpreted voter intention. The justification for stopping exit polls part way through the day (that it might effect the race) was absurd, as it is not difficult to withhold the results or simply not collate the results until after the polls have closed.

If she fails

[porkface]

This only PROVES their ignorance. If one person fails in one week, that's far from showing that the system is secure.

Open Sourcing it won't make it secure either, but it would probably be the fastest way to fix a ton of the most obvious holes.

Better yet, if they want good PR, they should hire Mitnick to have a go at it. Lord knows he's probably rusty, but his name alone would end the debate one way or the other.

One week? Why?

[ruiner13]

"She claims that she can be prepared to crack the system within a week..."

Perhaps I'm missing the point of this, but doesn't an election system just have to be good enough to last one day without being hacked? How many one week long elections are there? As long as you leave the system secluded before you release it, then only expose it to the public for one day (election day), I think that there wouldn't be any time for people to realize exploits on it, providing it is a unique system that doesn't use c

Security through obscurity

[FreeLinux]

This doesn't really work, no matter what Microsoft might say.

The point is that if the system is vulnerable at all then it should not be used and the results from it cannot be trusted.

Run elections at Defcon

[phr2]

or some other cracker conference. Sort of like electing the King and Queen of the County Fair. Just announce that at Defcon you're going to elect the Evil Overlord of All The Crackers, and you're going to use Diebold machines to count the votes. That should lead to some amazing exploits :).

Who is this woman?

[Bob Cat - NYMPHS]

She's a webmaster with an interest in carnivorpus plants. She did this site.
http://www.cumbus2002.org/eco_rescue.htm
N ote the fucked up links on the bottom of the page. They point to c:.
She does not even have a web site for her web design business! AWEBPLACE.COM is registered to her company Southern Belle Software. Search for some of her posts to newsgroups for more dismaying info.

How about posting the code here, Roxanne? A 'few of your expert friends' will be happy to help you out.

Electronic Voting Machines

[foo_48120]

At least in a paper voting world, there needs to be some semblance of a paper trail record to be available for recounting.

While such systems can be manipulated, it takes quite a lot of people in the loop to do so. Voter early, vote often; run a steel rod through any Republican ballots in Democratic areas...

The move to scannable ballots using sharpie markers is a bit better but physical security of those are questionable as they allow thermal printouts and often have the covers open at the polling places.

Right now, if I want to steal an election, I probably have to bury my opponent in the places that I control the entire polling apparatus with my political party hacks. It looks crude and messy to anyone who watches.

Now if we have all the local precincts reporting frequently into a central computer system with two way back door communications; we can easily determine the number of manufactured ballots needed and allocate them over a greater number of precincts without drawing any attention at all.

An example of this is a weighted average cost bid, I have personal experience with this. If we know that there are two items on the list; one says it will buy a million of an item and the other says it will buy 3 of the item but the quantities are reversed. I can make my evaluated bid much lower and rape the buyer by biddin no cost for the first item and $10,000 for the second item (assuming both are worth $1000); however the bid will look really, really abnormal compared to the other bidders and they are going to smell a rat even if they don't know the real quantities to be bought.

However, were I to just shade the bid a bit by lowering the cost on one and raising on the other I could win the bid, have higher margins and no one be any the wiser. OK, the example of a million vs 3 is too extreme but so is the ballot count for Democrats in these key urban areas coming in higher than the total number of living and dead there.

If the election comes in as the controlling power wishes, there is no need to do anything. If it is off track, they can certainly round up people on buses to vote but they can also create some new ballots that will be totally untraceable.

All electronic balloting is not to be trusted.

Computers do many wonderful things, counting elections is not one of them.

D

More background

[heydude]

Curious for more about this story, the best background I found was here. [workersrighttovote.org]. Also, this bill [loc.gov] seems to be starting down a better path toward a publicly viewable system. Not sure about the paper trail part though.

Normally...

[jd]

...a capture-the-flag event would not really be that useful a way to diagnose failures. However, this is a head-to-head CtF, which is different.

This offers the potential to expose not just one flaw, but many. It also offers the potential to encourage greater consideration of security elements in voting.

Creating an Audit Trail

[hugesmile]

The CORRECT way to implement computer voting is to create a process whereby each time someone votes, the computer creates a mathematical "voting result" string of numbers, such that the voter can literally SEE their vote among the string of numbers. Then as subsequent voters vote, the "voting result" changes, such that others can see their results as well.

The algorithm (not to be confused with Al-Gore-rhythm) must allow ANYONE to tabulate the votes by examining the "voting result" string of numbers, whic

No paper trial == trouble

[Whammy666]

The potential for fraud is only part of the problem with electronic voting. The biggest problem is the lack of a hard paper trial to use in the event of a recount or if the machine crashes. Suppose you have a group of booths in a busy voting district that suddenly decide to blue-screen. Potentially, thousands of votes could be lost. The lack of a paper trial has been brought up many times, but proponents of the system have so far dismissed it as unneccessary. This is just asking for trouble.

Even worse is cases like those in Florida where the state purchased new electronic voting machines with the provision that their warranty would be immediately canceled if the state ran tests to verify their performance. Egads! This has fraud and disaster written all over it.

Our system of democracy is very important our liberties. As voters, we should insist that our voting system be beyond question. That means it should be secure, verifiable, and robust. The best way to accomplish this is through open-source peer review of the code and hard-copy backup of voting results for auditing purposes.

Two things here...

[Vip]

" Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?" "

That would be the most insane statement in the whole article. There is no such thing as a secure and accurate computer. Only one way to completely secure a computer. Turn it off, encase it in a 30ft concrete tomb. Very few will get to it, yet it still isn't totally secure, I'm sure there's a bunker buster out there that'll destroy it.

Accurate? Hardly. A computer will tell you what you program it to. If someone can change it's purpose (or results) you've no longer got accuracy. Note how the comment doesn't question the accuracy of input/output to the computer?

And finally, flying on airplanes. I think history has shown that there is no such thing as a failure-proof aircraft. However, I will still fly on them, because I hope that procedures ensure that it's not Williams flying it with a computer only.

Vip

New security audit methodology?

[D4C5CE]

Are they implying that a computer system is to be considered reliable just because one hacker/group did not find any (more) flaws in one specimen (not even "in the wild") at one given moment in time?
Auguste Kerckhoffs tourne dans sa tombe...
Whether she succeeds or fails does not prove a thing.
Since when do we attribute the most "l33t sk1llz" on earth to the first attacker, and then just assume we're safe to vote happily ever after?
The only route to go for the code that could finally make someone president is full disclosure. "Elected on Open Source" sounds a whole lot better than "four years under the rule of a computer glitch."

Is she crazy?

[codefungus]

I wouldn't do that. The next headline will be, "Cracker goes to jail for showing flaws in electronic voting system"...I mean, this is America...home of the patriot act and indefinate imprisonment without cause.

Just wondering....

[3seas]

if an expolit is found and patched, are we supposed to feel our voting is safe?

Do you feel safer every time MS patches their stuff with claims of fixing an exploit? Or how many patches does it take to make the public feel safe?

If a politician or political group wanted to exploit such a system, wouldn't they consider hiring someone familiar with cracking such a system? How would you advertise for such a job and even test the applicants?

If I vote electronicly, does that mean I can also participate in a jury electronicly?

I'm sure I can come up with all sorts of other perspectives but doesn't it all come down to simply controlling what the media reports anyway, and that it can eliminate or bypass any electronic counting system? (i.e. with all the media talking down on the Dixie Chicks, how is it that they are the top selling country band? Or how SCO has been so much in the Media lately about stupid stuff... who should believe the media anyway, no matter what the truth is.)

Point being, what verification do I as a voter get?

A: NONE!

I am expected to believe what someone else tells me the results of an election is.

Don't politicians as a profession lie? Especially in campagining for election? And haven't past elected politicians been found to lie to the public?

Doesn't this really all add up to cheating is OK so long as you do not get caught, or can't talk you way out of it?

There was a delay in responding to the olympic park bombing in 1996. The delay was caused by the program of the then new 911 system. It would not allow an assignment of a call to an officer(s) without inputting a valid address. Problem was, nobody thought to give the park an address, though everyone knew where it was, cept the 911 computer program. The call finally went out over old style walkie talkie to those officers who still had such a device. The delay time was perhaps long enough not to have saved those who died.

Point is, humans are smarter than programs. What we make we can break.... Electronic voting is just another place to manipulate the voting process. Another tool to perhaps convince people to vote for someone that is more likely to do something the voter would not approve of anyway.

But if such a systemn could be validated, then I think it could be used for more than just voting a politician into office, but could also be used to handle the day to day decissions of what politicans and their company do..... like slashdot moderation.... but better, more accurate and perhaps more verifiable to the adverage joe..

Open Source Voting Machine Project

[Lulu of the Lotus-Ea]

I tried posting a story about the EVM2003 project a couple weeks ago, but unfortunately it was rejected. I'll try again soon, I suppose. So this note is a little less complete (not all the background URLs and the like). The project comes out of several years of background work by some well known computer scientists, political scientists, lawyers, elections officials, and political activists. But the demo (to be written in Python, btw), is just starting development.

Anyway, the short story is that I am involved in a project to create an open source voting system, with the extra twist that the machines also produce printed ballots. That is, the electronic part makes selection more clear, and prevent overvotes and other errors, but after using the touchscreen (or mouse, or blind accomodation), voters can visually verify their ballot for accuracy before submitting it to the ballot box.

Read an announcement of the project at http://gnosis.cx/voting-project/announce.html [gnosis.cx].

Check out the sourceforge page for EVM2003 [sourceforge.net]. We also have a mailing list archive. [python-hosting.com]

Need audit trail... security misses the point

[ClarkEvans]

I'm not concerned if the system is secure or not (well, I am, but it is a side point). What I'm concerned about is that I can't audit the computer system without a paper trail. This is the most important issue. One can have a "secure" voting system which purposefully gives the wrong results on election day. Also, just beacuse one hacker can't crack it doesn't mean that other hackers won't.

Re:Need audit trail... security misses the point

[Steve B]

What I'm concerned about is that I can't audit the computer system without a paper trail.

A trustworthy system needs to be based on these criteria:

1. The selections entered by the voter (electronically, manually, telepathically, whatever) are immediately printed out and displayed (behind a window so the voter can't remove or alter them). If approved, they go to a lock box; if disapproved, they are marked VOID and dropped to a reject box (again, with visual verification for the voter).

2. If there is a

we need some standards

[MegaFur]

Another poster says "at least this is a change from the Kevin Mitnick days" (or something similar)

That poster is mistaken. We had a recent story on slashdot where someone was threatened with legal action for revealing a bug in some code.

IMHO there should be standards for how and when you are allowed to attempt to break into a piece of software or system to demonstrate its vulnerability. I suppose one way to go is:

1. find out that it's vulnerable
2. tell the company that you believe it's vulnerable and you'd like their permission to demonstrate that to them then
3. show them how you break in

It's a rather round-about process since you'll usually have to break in (secretly!) in part one to be sure that it really is vulnerable. But you can't let them know you did that or they'll prosecute you in step two. Suggestions?

Conflict of Interest

[cyranose]

Avi Ruben was probably a fool for not divesting or disclosing his interest in a pseudo-competitor, but why isn't anyone screaming about Senator Chuck Hagel's ownership of Diebold? here's a version of the story. [smirkingchimp.com] But where are the mainstream media accounts of this in relation to Hagel's unprecedented win in Nebraska using election machines his own company sold! And then he apparently failed to disclose this for years.

Frankly, if voting is going to be electronic and this insecure, I'd prefer to vote via the web. Better yet, I'll go vote via Taco Bell.

That's great, but...

[Eric Smith]

If she fails, the vendor, and possibly the election officials, will cite this as "proof" that the system is secure.

Re:Awful Wise of Them

[worm eater]

He put the odds of corrupting the software undetected at 1 billion to one. I'll put $50 on it.

Awful TRICKY of Them

[The Monster]

So, who wants to make book on whether or not she cracks it?

Define 'crack':

Brit Williams . . . put the odds of corrupting the software

undetected at 1 billion to one.

If she isn't detected, then how do we know she cracked it? Does she have to make the number of votes for each candidate end in 1,337 to prove she cracked it? No, that would be detected

Re:Awful TRICKY of Them

[Tyrdium]

Brit Williams . . . put the odds of corrupting the

software undetected at 1 billion to one.

You don't need to change the software to prove that it's insecure, just the data...

Re:Awful TRICKY of Them

[Anonymous Coward]

What they mean is that they would be able to look at the system after she has had it and then figure out whether or not every vote was a valid one. They gave her the equipment to work with so she will be able to add authorized votes and unauthorized ones. Only she will know which are the unathorized ones. The state will then examine the system to determine if they can detect whether any of the votes are unauthorized. Presumably each vote is digitally signed in such a way that the state feels that she wi

Re:Awful TRICKY of Them

[BooRadley]

I live in the district where this is taking place. Last year, Georgia got its first Republican governor since Reconstruction, along with many, many Republican upsets over Democratic front-runners. The Diebold machines recorded votes that mismatched pre and post-election polling by large percentages.

I would love to see some sort of accountability for these damned things, besides some independent "hacker" trying to break into one. What is needed is a redesign that provides an unalterable record of each vo

As a native Southerner

[The Tyro]

I resent your implication that we're all slack-jawed, inbred, wife-beating neanderthals.

Indeed, the very idea is preposterous

But while I'm thinking about it, you've got a pretty mouth... why don't YOU get me another beer, before I make you squeeeeal!

Reply: Encouraging, Y'all try'en ta be funny

[OldHawk777]

Okay, I ain't seen it yet. I cannot resist ....

Is Roxanne a Georgia Cracker?

Someone must of asked already, but I did not see the Q&A.

Ain't it funny, how the meaning of words and phrases change with time?

Things always seam to get better.

OldHawk777

Idiotic rebuttal #36b -- the "disabled" b.s.

[BevHarris]

No one is saying get rid of touch screens, we are saying PUT PAPER IN THE PRINTER which is already built into Diebold and every other touch screen machine. Print ballot, voter verified, it goes in a ballot box, you've got evidence of the vote. Explain why: 1) A person in a wheelchair, or a muscular or neurological difficulty, who can vote on a touch screen suddenly cannot vote on a touch screen if you have paper in the printer. 2) A person who is blind, and uses the headphones to vote, suddenly cannot vote on a touch screen using headphones if you have paper in the printer. This is a prepared talking point sent out by the voting machine industry. Bev Harris Black Box Voting