Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
United States Security

BlackBox Voting Tests California Diebold Machines 238

Doc Ruby writes "The California Secretary of State has invited Black Box Voting to hack away at some Diebold voting systems. The testing is set for Nov. 30, 2005. Evaluations conducted by Black Box Voting in San Joaquin, Marin, and Alameda counties (Calif.) reveal that a critical paper audit component is missing for all absentee and mail-in ballots, and also for recounts. (Black Box personnel were hired by the Libertarian Party to conduct inspections.)"
This discussion has been archived. No new comments can be posted.

BlackBox Voting Tests California Diebold Machines

Comments Filter:
  • Paper trail... (Score:5, Informative)

    by Pig Hogger ( 10379 ) <pig DOT hogger AT gmail DOT com> on Wednesday November 23, 2005 @08:26PM (#14105155) Journal
    Paper trail: the magical words. In Montréal, Québec, the recent municipal election is being contested. Mark-sense ballots were counted by machines, but ballots are kept in sealed boxes after being run through the machine (by the elector). Right now, the ballots are being recounted by hand in the courthouse.
    • No paper trail (Score:4, Insightful)

      by Profane MuthaFucka ( 574406 ) <busheatskok@gmail.com> on Wednesday November 23, 2005 @08:32PM (#14105172) Homepage Journal
      We want a paper ballot. Sure, we could have a computer voting system, but it has to spit out a paper ballot with my choices marked on it. THAT is the ballot that should be counted, either manually, or with an optical scanner.

      If the paper trail that I look at is not the same ballot that is counted, I can't be sure that a programmer decided to print one thing and tally another.

      • Re:No paper trail (Score:5, Informative)

        by Sepper ( 524857 ) on Wednesday November 23, 2005 @08:45PM (#14105250) Journal
        The machines used in Montréal (the ones I saw) where optical scanners with a sealed box to contain the ballots.

        The problems we had, was that the center database that was used either crashed or could not handle the load...

        Either way thoses sealed box are getting recounted by hand... In the municipal court... In front of provincial judges...
      • Re:No paper trail (Score:3, Informative)

        by Lars Clausen ( 1208 )
        I Denmark, we have all-paper ballots, and it just works. Never heard any accusations of cheating, not even from our most extreme parties (like those to the left of the communists), polls results are in within a few hours, there's a nice big paper trail. And before someone says 'Denmark is just a small country', there's nothing in the system that doesn't scale linearly. And no expensive machines required, either.

        -Lars
    • The big problem here is that paper ballots can still be tampered with - ballot box stuffing, throwing out opposing ballots, even changing ballots. It's possible.

      Maybe if there was some sort of (excuse the buzz word here) biometric way of tracking a vote? Paper ballots with a thumbprint? Well... that does make the whole "secret ballot" thing problematic... and everyone's finger prints would then have to be on file to vote, which probably wouldn't fly either... most polling places don't even require a pict
      • by n.wegner ( 613340 ) on Wednesday November 23, 2005 @09:14PM (#14105398)
        >The big problem here is that paper ballots can still be tampered with
        >ballot box stuffing, throwing out opposing ballots, even changing ballots.

        But you can have lay people there to observe this going on, whereas you'd need some engineers with logic analyzers to really track everything a totally computerized system is doing.
        • by Catbeller ( 118204 ) on Wednesday November 23, 2005 @10:21PM (#14105681) Homepage
          "whereas you'd need some engineers with logic analyzers to really track everything a totally computerized system is doing."

          And they couldn't possibly monitor the situation. Are all the voting machines running approved code? Impossible to know. Is the code locked down, or is it being replaced dynamically to cover tracks? Unknown. Is the code, a closed binary, full of triggers and cheats that only activate within certain parameters? Human nature says probably. Have the flash card couriers been tampered with? Who knows. Are the MS Windows machines acting as accumulators tampered with? Shrug. Is the easily modified Access database on the accumulator protected from tampering with Notepad? Impossible. Is there anyone around who is both 1) suspicious 2) knowledgeable enough to spot gross tampering? Nope. Are the vote totals modified when the technicians are called in to fix the machines during elections? Yes, Virginia, they are and it is a fact.

          Even paper backups won't work, and here is why: Paper ballots would not be counted unless a recount is triggered when the vote total could go either way because of a minute spread, OR obvious fraud is committed. If one is controlling the vote tallies at a district level, all you have to do, say, if the trigger is 1%, is to make sure the spread is greater than 1% -- and the RECOUNT NEVER HAPPENS. The paper ballots are not manually counted under scrutiny and compared to the computer counted votes.

          And this is beyond the maddening fact that Americans don't understand computers, cheating, or how to avoid this mess. The persistent idiocy I always hear from officials or reporters is the "print a receipt to take home with you" concept. Hair. Pull. Out. Receipts are useless! Paper ballots must be printed for each vote, shown the the voter, and placed in a ballot box.

          Here's a simple fix for the recount trigger problem: random manual recounts for every election. IF even ONE of the races turn up as fixed, the lid is blown and we go back to hand counts. I can only hope.

          Diebold has fought a manual recount system so ferociously that (Occam's Razor) they have indeed fixed elections. Their have been a lot of stories and sources stating that the employees know something is crooked, altho they are afraid for their jobs. Jobs in IT are scarce. The top management is far-rightist and saw it's duty as electing Bush; the details are tiresome.

          Notice exit polls are no longer conducted? They "broke" during 2000, so no news organization will have them anymore. This in spite of the fact that statistics don't "break" during only one extremely critical election, and no other. They didn't break, kids, the election totals were altered and no longer matched reality.

          Now we have these damned cheating machines in my precinct. I will vote absentee. To stop me, they'll have to "lose" boxes like the last election.

          The defunding of public schools has produced a nation of incurious people who can't understand how simple it now is to change election totals to suit those who run the machines.
          • by Pig Hogger ( 10379 ) <pig DOT hogger AT gmail DOT com> on Wednesday November 23, 2005 @10:32PM (#14105731) Journal
            Here's a simple fix for the recount trigger problem: random manual recounts for every election. IF even ONE of the races turn up as fixed, the lid is blown and we go back to hand counts. I can only hope.
            Here, recounts are automagically triggered if there is less than 5% difference between two candidates.
            • With electronic voting machines, there are no recounts. Asking the computer to spit the answer back at you again isn't a recount.
              If you don't trust the first result, and you get a different result from an electronic result, you are really screwed, since you'll never know which was right. (Probably neither :-)
          • by symbolic ( 11752 ) on Wednesday November 23, 2005 @11:54PM (#14106025)
            They didn't break, kids, the election totals were altered and no longer matched reality.

            What's ironic here is that in some countries, the exit polls determine the outcome of an election. The voting process itself is more a formality. I think this lends some strong credibility to your comment.
          • d they couldn't possibly monitor the situation. Are all the voting machines running approved code? Impossible to know. Is the code locked down, or is it being replaced dynamically to cover tracks? Unknown. Is the code, a closed binary, full of triggers and cheats that only activate...

            Guys... it's really not this difficult. Think about it for a second. If the machine prints out a HUMAN-READABLE ticket that the voter can verify and stick in the ballot box, no amount of computerized shenanigans can signif

            • by Shaper_pmp ( 825142 ) on Thursday November 24, 2005 @05:13AM (#14106858)
              The first poster was paranoid, but you're wilfilly oblivious.

              Exit polls have been used the world over to predict election results for decades [wikipedia.org].

              The 2000 and 2004 elections were widely suspected to have been corrupt, and there's a positive litany of discrepancies, sketchy behaviour and incredibly convenient "co-incidences" around the personnel involved and results obtained. Then, after these useful and reliable exit polls disagree strongly with the "official" result, the administration says it doesn't want to do exit polls any more?

              Have exit polls returned perfectly usable, useful results for the overwhelming majority of the time they've been used? Yes.

              If "exit polls" had suddenly and spontaneously broken in this one case, does that justify not using them in the future? No, because statistical outliers aside, in general they're still very good.

              Have we discovered any new maths, or a statistical theory that suddenly proves exit polls are dangerously misleading? No.

              Were the exit polls wrong disproportionately more often in districts where Diebold machines were used? Yes.

              So we have a single event where the long-working exit polls (which are normally accurate) are suddenly and significantly different from the final official tally. This could be written off as a statistical fluke, but the Diebold and ES&S machines are already suspected of widespread insecurity and/or deliberate tampering, and then when it all hits the media the administration announces it won't be conducting exit polls any more?

              Why, when they've been used for decades without problem, are exit polls suddenly considered dangerous or misleading? Apart from, that is, their potential to provide an indication of election-tampering?
            • by TapeCutter ( 624760 ) on Thursday November 24, 2005 @05:57AM (#14106936) Journal
              "I want to see evidence to your claims."

              It's on every diebold machine, just fish it out of the bit-bucket.

              Insightfull, WTF? Your whole argument about statistics is based on the administration's official straw men (ie: exit polls were taken only in the morning, sampling is not as reliable as the official total). There were at least three sets of numbers, Rove's predictions, Diebold's count and the Exit poll stat's. Two of them were a very close match but they were not the two sets everyone (except Rove) had expected, the explaination is Rove101, stats101 has it's money on the exit polls.

              "The majority of Americans don't like extremists--and they HATE poor losers. Throwing those accusations without any sort of reliable evidence makes you look like both."

              Off course if I point out your statistician has no clothes I am a loser extremist and it is every American's patriotic duty to hate me. ( The "hate" bit may one day become the definition of "irony" ).

              "Not only that, but such accusations are dangerous."

              In other words, allowing people to voice concerns when they have no "evidence" is dangerous, therefore it's better to shun them than to answer their concerns. Modern doublethink: Provided you don't live in a cave with suicidal nutcases, it's ok to start a war without sane reasoning.
              • Your whole argument about statistics is based on the administration's official straw men (ie: exit polls were taken only in the morning...

                No, it's not.

                All I'm saying is that the exit polls that everyone complains about were the ones reported mid-election day by the media. Those were the ones that didn't match the results. Once the samples from later in the day came in, the media reported the change results of the polls, which then closely resembled the actual results.

                ...sampling is not as reliable

          • Exit polls. (Score:3, Insightful)

            by TapeCutter ( 624760 )
            "Notice exit polls are no longer conducted? They "broke" during 2000, so no news organization will have them anymore. This in spite of the fact that statistics don't "break" during only one extremely critical election, and no other. They didn't break, kids, the election totals were altered and no longer matched reality."

            Yes I did notice the story was dropped very quickly. I watched a documentry about Rove the other day (on the Australian TV station SBS). Early in the day of the election, exit polls were
      • Then its not a secret ballot. Do you really want the 1800s back, where you can get fired for not voting the way the owner of your company does?
    • Re:Paper trail... (Score:2, Insightful)

      by Anonymous Coward
      Voting machine fraud is the least of our problems these days. In the name of making voting "easier", mail-in ballots are becoming the norm. With a mail-in ballot, there is no reliable way to ensure voters are not coerced (by parents, spouses, employers, political parties, etc.). There is no reliable way to ensure the vote was not cast by an imposter, and the few means of verification that do exist can be subverted to compromise ballot secrecy. Vote against the winner, and somehow Code Enforcement receives a
  • by Trigun ( 685027 ) <evilNO@SPAMevilempire.ath.cx> on Wednesday November 23, 2005 @08:27PM (#14105163)
    Unless there is third party auditing at the time of voting, or access to the source code with definitive proof that the shown code is compiled on the machines, and the machines haven't been updated, then it's an exercise in futility.
    • Unless there is third party auditing at the time of voting, or access to the source code with definitive proof that the shown code is compiled on the machines, and the machines haven't been updated, then it's an exercise in futility.

      Actually, no. Slot machines and video poker are strictly regulated in regards to the actual object code being executed by the CPU. The various gaming commissions have hardware that is used to perform spot-checks (something like a big clip that you clamp on the CPU, and by p

      • Problem with this is that the state doesn't generate direct revenues from voting, like it does with slot machines. They'll bitch about where the money comes from, who will do the checks, what districts, what time, ect. What's more, there's a fundamental mentality of "trust us, we're the American voting system. What are you so unamerican?" to overcome.

        Is it so much to ask that the machine doesn't do any of the counting and merely prints a paper ballot that the voter can hold, look at, walk over to a votin
    • by Anonymous Coward on Wednesday November 23, 2005 @08:53PM (#14105289)
      Recently, the state of Connecticut sent mailers to households inviting voters to demo electronic voting machines, and fill out a survey. I decided to attend the one held at a local branch of our state university. There were only three machines to try out. One was a Diebold machine.

      On the two non-Diebold machines, I was allowed to vote a sample ballot as if the vote were real. The Diebold demonstrator, however, kept tight control over the Diebold machine, allowing only limited public interaction.

      I did see something very interesting about the Diebold machine. Something I didn't like at all. The "proctor" explained that during a real voting session, the voter would get a smart card from election officials, insert it into the reader on the voting machine, vote, then turn back the card. The stated reason for the card was to prevent one person from voting multiple times while standing at the machine. However, the proctor was re-using the same card to restart the session as each new person stepped up. When I asked about this, the proctor claimed that during a real voting session, no-one would have access to a multi-use card. I asked her if that was a promise, but she didn't have an answer.

    • ... A specific testing protocol was provided by Diebold and the California Secretary of State's office.

      ...negotiations remain on the procedures. Black Box Voting contends that the proposed testing violates California Election Code 19202, which governs the request for voting machine testing formally submitted to the state of California by Black Box Voting on June 16, 2005. Also, Black Box Voting identified areas of bias in the proposed procedures, which would violate normal scientific protocol and cause vote

      • Think about it (Score:2, Informative)

        by Anonymous Coward
        Think Ohio, 2004. What possible incentive would the current Administration & Congress have to insist upon making the current process transparent and subject to review? The G.A.O. report hammered Ohio and their voting machines. Reaction from our "elected" leaders? None.
  • Way (Score:3, Insightful)

    by mboverload ( 657893 ) on Wednesday November 23, 2005 @08:32PM (#14105176) Journal
    The only way to make any election truely free, all procedures, protocols, and source code HAVE to be provided.

    There is no other way. Period. So what if we look at their source? What are we going to do, take a library to use in some high school election? Any objection to a release of source code is utter lawyer bullshit.

    • How do you know the source they give makes equals the binary you run?
      • Re:Just wondering... (Score:4, Informative)

        by Pig Hogger ( 10379 ) <pig DOT hogger AT gmail DOT com> on Wednesday November 23, 2005 @09:01PM (#14105324) Journal
        w do you know the source they give makes equals the binary you run?
        It's very easy. Slots machine do.

        In Nevada, no slot machine can run unless the manufacturer gives the Nevada Gaming Commission the source code. They can then compile it and get a MD5 checksum for it.

        All they have to do then is to go in casinoes and do spot-check on some machines; all they do is plug a special diagnostic box which looks at the firmware and calculates the MD5 checksum, then compares it with the official checksum.

        • Hasn't MD5 been cracked?

          Of course an exact bit-for-bit compare should be easy enough to do if they're reading the whole firmware anyway.
          • Yes MD5 has been 'hacked'. But there are alternative hashing algorithms which are more secure.

            The point, which had been made by the parent poster was that a standard process already exists, it just happens to be used for Slot machines, not voting machines.

            Of course, I think they amount to the same thing myself.

            (The way I see it the only difference is, when you get three in a row on a voting machine they are all jokers)
        • Re:Just wondering... (Score:5, Informative)

          by JimMarch(equalccw) ( 710249 ) on Wednesday November 23, 2005 @10:08PM (#14105632)
          Exactly.

          A variant of this for voting machines would involve the distribution of the MD5s or similar on the websites of the vendors, the county governments using it, the Federal Election Commission website and the like, along with a script that will check every file on the voting machine in question for accuracy.

          A concerned voter or party rep or one of us at Black Box Voting or whatever can download all that, put it on CD-ROM.

          The county can then test the CD you bring in and make sure it contains nothing but the "checker program", mark that CD "approved", you then stick it in the voting machine(s) and run it even with very limited "geek quotient". Now everybody can trust everybody.

          --------------

          Another big issue is that the data files need to be made public. As God is my witness, Diebold and other major vendors are claiming that the database files (MS-Access in Diebold's case, SQL in most others) are "proprietary trade secrets"(!) and cannot be released by the counties under various public records laws of each state.

          This is utter BS. Hell, if you have just ONE set of Diebold data files you know their table layouts and whatnot, and many such have been published all over the net for literally years...with Diebold taking no legal action to make them go away since...well they gave up around Oct. of 2003. See also:

          http://www.equalccw.com/dieboldtestnotes.html [equalccw.com] ...for my personal collection and

          http://www.equalccw.com/liebold.html [equalccw.com] ...for a view of the first and last time they tried to have any of my stuff taken offline.

          Diebold MS-Access data files *can* hold forensic traces of vote-hacking if the hack wasn't done very professionally. So why is Diebold fighting to make sure the data files don't end up in public hands, when this "trade secrets" argument is clearly horse manure?

          Either they're messing with votes, or they're afraid some of the counties are because Diebold has made it so damned easy.

          Jim March
          BlackBoxVoting (.org)
        • I'm curious.. can't this be beat ?

          Wouldn't it be technically possible to detect such a device being attached, and subsequently 'loading' the proper firmware ? The device says it's okay, but a while later (perhaps as soon as the device is detached) the naughty firmware is loaded back ?

          If it's not technically possible to detect such a device - I take it the machines need to be opened up, at least. Wouldn't it be possible for whoever opens it up to give off an RF signal to tell the machine to load a differen
          • Wouldn't it be technically possible to detect such a device being attached, and subsequently 'loading' the proper firmware ? The device says it's okay, but a while later (perhaps as soon as the device is detached) the naughty firmware is loaded back ?

            From what I understand, verification is done with a clip that clips onto the processor. Recalling a similar process I've seen some 25 years ago, what it does is reset the processor, then toggles a special interrupt line (special in that it is dedicaced to th

          • Hmmmm.

            Yeah, these concepts have been kicked around some.

            The single nastiest:

            Let's say that in order to avoid "specialty hardware" like this meant to beat such code-checks, we went with open-source software that runs on any reasonably standard PC, bought from Dell, a local clone shop, whatever Best Buy has on sale, etc.

            But somebody REALLY wanted to hack elections, on a massive scale.

            They find some piece of "motherboard guts chip" that nearly everybody uses, or they infiltrate Intel or something, and put some
    • Re:Way (Score:3, Insightful)

      by dougmc ( 70836 )

      The only way to make any election truely free, all procedures, protocols, and source code HAVE to be provided.

      That sounds great in theory, and I'd love to agree with you, but I can't.

      Ok, supposed that you were provided source code. So how do you know that this is the actual source code that generated the code that's actually being used? (And it's not restricted to source code -- the same argument applies to the procedures and protocols that you mentioned.)

      Personally, I'd be happy with a paper

    • Re:Way (Score:3, Interesting)

      I find it a rather disturbing statement that the slot machines are more effectively audited than the vote count in the land of the free.
      • I find it a rather disturbing statement that the slot machines are more effectively audited than the vote count

        Votes are supposed to be anonymous. Slot machines really aren't. Remove the absolute anonymous nature of voting, and suddenly they could audit votes down to the exact vote. You could even look up online how your vote was tallied after making it.

        (Not that this will ever happen, mind you, but it's still something to consider.)

        Where there's money involved, everything is audited VERY car

  • by jafac ( 1449 ) on Wednesday November 23, 2005 @08:34PM (#14105186) Homepage
    What I want to know is:
    What happens when you put a Sony Music CD into a Diebold machine?

    (you just *know* they've got Autoplay enabled in there. . . )
  • When a person votes, the paper slides into a view slot: "You voted for Kang". Then they pull a lever, and the paper goes away for the next person. I think that way, you can't reconstruct who voted for who, but voters can watch for voter fraud themselves. Without letting the person view the paper trail, it could create a false paper trail as it goes along, and no one would ever know. Just a thought, I'm no expert. I was wondering how an expert would go about building a tamper proof voting machine.
    • Person marks ballot with permanent marker (like the old multiple choice tests but not eraseable). Voting machine is a form reader with a ballot box underneath. This is how municipal elections are done in Nanaimo (and I presume most other municipalities in) BC, Canada. Federal and Provincial elections are still hand-counted with scrutineers seeing (and counting) every ballot.
      • by jumpingfred ( 244629 ) on Wednesday November 23, 2005 @08:48PM (#14105267)
        Person marks ballot with permanent marker (like the old multiple choice tests but not eraseable). Voting machine is a form reader with a ballot box underneath. This is how municipal elections are done in Nanaimo (and I presume most other municipalities in) BC, Canada. Federal and Provincial elections are still hand-counted with scrutineers seeing (and counting) every ballot.

        This is how voting has been done in San Diego County in California for the past couple of elections. I personally don't think that the touch screens are going to be adding much but expense.
        • I personally don't think that the touch screens are going to be adding much but expense.

          Thats because you're doing it wrong. Computerized voting could be used to give every voter ballots in English, Spanish, Vietnamese, Chinese, Japanese, Swahili, and Mongolian Rock-Talk in their choice of font size. Computerized voting could be used to display the full text of a voting referendum. Computerized voting could do a lot of things.

          But it doesn't. Why? All one needs is a machine with blank ballot paper, and
          • Because the only reason we have e-voting is because

            (a) election officials are scared of being held responsible for another Bush-Gore style fiasco

            and

            (b) Diebold has promised them that e-voting will solve this problem. (No hanging chads with a simple binary button!)

            What's happening is a massive taxpayer expenditure to buy an inferior product lacking existing safeguards that benefits only (a) Diebold, who can siphon off federal money and (b) the election officials, who can't be personally held responsible for
    • Also, wouldn't the voter need to put the paper in the box themselves? Otherwise... "You vote for: KANG" ... *pull lever, walk out* ... "You voted for: KODOS" ... *lever goes down automatically* ... "You voted for: KODOS" ... *lever goes down automatically*
  • by zegebbers ( 751020 ) on Wednesday November 23, 2005 @08:37PM (#14105207) Homepage
    Without them, there is no way to validate the quality.

    Some people have mentioned that receipts might be valid, however this raises issues of people selling votes (or being harassed). The anonymous paper and pencil system is the best --- while corruption can lead to large numbers of fraudulant ballot papers, if the corruption is at this level, there isn't much that can be done anyhow.

    • Black Box Voting is complaining that there is no paper trail for the counting of mail-in paper ballots.

      http://www.bbvforums.org/forums/messages/1954/1303 7.html [bbvforums.org]

      "New information obtained by Black Box Voting investigator Jim March shows that mail-in votes in upcoming Nov. 8 elections will lack crucial safeguards. The Diebold "GEMS defect" -- the ability for anyone with access to change vote results on the "mother ship" that tallies and controls election results -- has now been acknowledged by Diebold, bu

    • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Thursday November 24, 2005 @12:35AM (#14106190) Homepage
      I understand what you mean, but please ask for "voter-verified paper ballots" instead of a "paper trail".

      I was part of the Champaign County Election Equipment Advisory Board in Champaign county Illinois. We were an appointed body whose job was to evaluate voting machines that would make us compliant with the new "Help America Vote Act" law. Our board heard sales pitches from a few vendors (Diebold, HartIntercivic, ES&S) and their local reps, we asked them questions, collected information, and eventually made a recommendation to the County Board (who are elected). We've given the County Board our advice and the County Board will make the final decision and sign the contracts.

      We took a field trip to Tippecanoe county Indiana and saw a Diebold voting machine, and our guides were nice enough to give us a demonstration. We were familiar with the Diebold system they demonstrated from a user and administrator's perspective, but we were stunned that the long strip of paper the machine printed was not voter-verified. The Diebold machine we saw produced this paper if the operator had a physical key and pressed the appropriate button (typically the election judge on the site would do this at the end of election day). But no voters got to see what was printed on the paper, therefore there was no way for a voter to make sure that there was any accurate written record of their vote, even a printed record that stayed with the election judges (not a receipt).

      Ostensibly, what's on the paper is a record of votes in a pseudo-random order (so as to prevent an election judge from correlating a particular voter with the printed information). But since the paper is not voter-verified, what was written on the paper is completely untrustworthy. Voters were relying on whatever the software says. Tippecanoe county Indiana is a long-time Diebold customer (since before Diebold bought Global Election Systems, if I recall correctly).

      This machine compelled me to distinguish between a "paper trail" (which the Diebold reps and the Tippecanoe county demonstrators assured us the machine could generate) and a "voter-verified paper ballot". The former simply isn't good enough.
  • by rice_burners_suck ( 243660 ) on Wednesday November 23, 2005 @08:43PM (#14105236)
    I know there have been conspiracy theories, and thoughts about voting systems being tampered with all over /. and other sites. Personally, I take those with a grain of salt, BUT , since these voting systems are closed, proprietary, and under the control of some organization that may or may not necessarily have the public's best interests at heart, I wouldn't be surprised if holes are found.

    If there's a backdoor of some kind for someone to specifically tamper with the voting results, that would be BAD, but I'd be surprised. I will not, AT ALL, be surprised, however, holes in the operating system, programs underlying the voting software proper, or so-called "middleware" are chock full of holes that someone could use. For that reason, I am very much against this process.

    My suggestion to fix the system: There is nothing wrong with filling out (or sending in, for absentee voting) a paper ballot, which, in my opinion, should be produced with anti-counterfeiting and anti-tampering technologies, similar to those employed in our currency. An electronic system could be used to optically scan and process the votes, with individuals verifying the optical scan, and this information should be entered into a database for any kind of processing that the government needs to do, along with the optical scan of the original paper ballot. Most importantly, however, is this: Each paper ballot should have an attached "carbon copy" of some type that the user keeps, which will come with a special user ID and passphrase that the user can use after the election date to log in to a secure site and verify that his individual vote was counted as he intended. This sort of public watchfulness on the voting process will create a situation in which it will become extremely difficult to alter the results.

    • I have lived all over the United States. One of the more well known voting frauds was in Chicago with Mayor Daily. Even back in the 60's, there was enormous fraud. Some of it was buying voters, others would flat out grab the box and substitute another one in. There are other places in America were this happens as well(democrats in Mississippi, republicans in Texas).
    • Each paper ballot should have...a special user ID and passphrase

      This doesn't work because we want the voter to know who they voted for, but we don't want them to be able to prove that to anybody else. If they can, that opens up the potential for intimidation or vote-buying.
  • Libertarians? (Score:3, Interesting)

    by fimbulvetr ( 598306 ) on Wednesday November 23, 2005 @08:45PM (#14105247)
    The libertarian party of all parties? I'm not a member, though I did vote libertarian last year, but I like this. I wonder if any of /.'s democrats/republicans can venture to guess why their beloved party didn't sponsor something so crucial to to keeping the corruption out of our voting. Perhaps it's because they (say: democrats) live by the old cliche: "The enemy (republicans) of my enemy (libertarians/other 3rd party) is my friend" ?

    These guys account for something like 1-5% of the vote (depending, of course), it makes sense that they're trying to get these things in line. Think I might just go pay my dues.

    • Perhaps it's because they (say: democrats) live by the old cliche: "The enemy (republicans) of my enemy (libertarians/other 3rd party) is my friend" ?

      I don't think the Libertarians are really seen as a threat to the Democrats. But the Republicans are the ones with a support group in the same league as the Democrats' so your cliche really doesn't make any sense in this case. It's just a case of mutual disagreement with the Libertarian party as to whether there is anything to worry about or not.

      Perhaps the li
      • Re:Libertarians? (Score:3, Interesting)

        by TheSync ( 5291 )
        I don't think Libertarians believe their low vote percentage is part of a massive bi-partisan conspiracy, but on the other hand there have been real examples of the Libertarian vote, small though it is, being "misplaced."

        Also there are elected Libertarians, although generally they win non-partisan elections to city councils, water and land boards, etc.
    • Re:Libertarians? (Score:3, Insightful)

      by stiggle ( 649614 )
      Democrats and Republicans are two sides of the same party. Go back far enough and they were the same party.
      They have a nice little system working for their benefit and they don't want anyone else butting in to spoit it with checks and balances.
  • Doesn't matter... (Score:2, Insightful)

    by ichigo 2.0 ( 900288 )
    While it's true that blackbox voting machines make it easier to rig elections, it doesn't matter if someone is determined to falsify the voting results. Even with purely paper-based voting, they could use the age-old technique of deception and falsify the results and documents. Maybe even put all "wrong" votes in a box and throw them in an incinerator, and make new ones with the right vote on them. Any "conspiracy theorists" could be silenced by force or public ridicule. It's suprisingly easy when you think
    • That is all quite true, but shouldnt we be doing all we can to drive
      problems out of the system? To make it harder and not easier to
      take an election by fraud?
  • It might be better to try and hack any machines that were used in a state that was more of a close call. It also might be very revealing to see if the hardware and software on those machines differs in any way from the machines here in CA. If there was some naughty stuff going on in some of those boxes, it would be better to ship out only a few to reduce the likelihood of getting busted.

  • It takes a damn long time to fully probe a device for vulnerabilities. You have to write software as you go. This is a type of software testing that must find ALL bugs without the advantage of having source code.

    Heck, the task may be provably impossible. A special pattern of button presses (reselecting candidates: Bush Nader Kerry Bush Kerry Nader Bush Nader...) could be a password that lets a voter do something foul. What is the chance of finding a 128-bit password? Uh, approximately zero.
    • Why is it so difficult for elected officials to see the necessity of full source code disclosure for voting machines?

      It can't be that they're all on the take. It must be simple ignorance, so that when Diebold says they need to keep their source code private so they can make a profit, the officials accept it.

      Still, it baffles me.
      • $$$

        If there was any sense of justice the government would just pay OSS developers to write something that at the end of the day was public domain open to scrutiny.

        But of course $$$ trumps all and if Diebold can't make MILLIONS off faulty voting boxes then the commies win!!!

        Tom
  • FYI (Score:5, Informative)

    by TubeSteak ( 669689 ) on Wednesday November 23, 2005 @09:19PM (#14105414) Journal
    From TFA:
    To put this in context, the California Secretary of State did not originate the idea and suddenly decide to invite us to a test.

    Black Box Voting formally issued a request for replication of the Hursti findings under California Election Code 19202.


    Here's the link to the specific post [bbvforums.org] detailing their request

    If the editors are listening, it might be worth fixing the /. blurb.
    That little mistake puts the issue in a wrong light.
  • by Anonymous Coward on Wednesday November 23, 2005 @09:23PM (#14105434)
    Why are they using machines to count the votes ?

    Here in Germany the voting process is 100% transparent.

    The whole country is divided into ~400000 pieces. In each of these pieces, a votingplace is established. Each votingplace is maned by 7 citicens (volunteers prefered. vacant posts are filled by selecting random citicen.).

    The voters vote through making a cross on a piece of paper.

    After the vote, the whole voting comittee counts the votes two times. After that, the votes are sealed in a bag. The result and the votes are then given to /fetched by the administration.

    During the whole process, _every_ citicen has the right to be on place and controll the work of the comittee.

    The whole process is FAST:
    Usually it only takes ~1 hour to count the votes.

    Voters don't need complicated instruction manuals (everybody knows how to use a pen, right ?)

    The whole process is reliable:
    It is very hard for a political party to man a whole comittee.

    As every citisen has the right (and many make use of their right) to be on place and to controll the work, falsifiing is extremely hard.

    Because we have a clear paper-trail, every vote can get re-counted.

    Ever tried to use a machine when there is a power-outage ? Pens work without electricity.

    The whole process is CHEAP:
    No expensive machines.
    Volunteers & citicens don't get paid.
    • by innot ( 582843 ) on Thursday November 24, 2005 @04:25AM (#14106773)
      Here in Germany the voting process is 100% transparent.
      I wish it was as it used to be, but they are sneaking blackbox voting into german elections as well.

      During the last election a few weeks ago 2.100 out of 80.000 polling stations used computers [heise.de].
      Of course they had to use computers without paper trail, computers which an expert team of the irish election commission found to be unfit for use [www.cev.ie] due to the usual issues (secret source code, no code audits etc.)

      While small manipulations of the elections would have made no difference in the resulting big coalition, remember that the two parties of the big coalition were only some tenths of a percent from each other, so a few votes in the other direction and Schröder would have remained in Office.

      I really doubt that there have been any manipulations (yet), but Germany is not safe from close calls where a smalll manipulation could make all the difference.

      Here [wahlrecht.de] is an article about two two experts who filed a protest against the results of the last election due to the use of unsafe voting machines.
  • There are about as many ways Black Box Voting can mess up this test as there are ways to cheat elections that use these easily programmed voting machines and tabulators.

    Computers are machines which we use to manipulate data. Votes are not the kind of data we want manipulated. End of case, electronic voting machines are a bad idea.

    The "paper trail" some of these machines produce is not the ballot that is actually counted, it is an auditing tool. In California only 1% of these paper votes will be compared to
  • by JimMarch(equalccw) ( 710249 ) on Wednesday November 23, 2005 @09:55PM (#14105577)
    Let's make a few points clear here.

    1) The Libertarian connection happened as a result of California Election Code 15004, which reads:

    ---
    The county central committee of each qualified political party may employ, and may have present at the central counting place or places, not more than two qualified data processing specialists or engineers to check and review the preparation and operation of the tabulating devices, their programming and testing, and have the specialists or engineers in attendance at any or all phases of the election.
    ---

    So we (Black Box Voting) approached the California Libertarian Party to team up and do up-close inspections of these voting machines, or at least explore what's possible under 15004. They hired us at a buck a day. The main result: we ended up with listings of installed software and drivers that make it obvious Diebold wasn't obeying a court order to shut down networking drivers that weren't necessary. We've complained to the California AG's office about this and Diebold's cross-connection of the San Diego central tabulator box to the Internet (also banned by both the same court order and state regulation). More details at:

    http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/14325.html [bbvforums.org]

    This upcoming "test hack" at the California Secretary of State's office is another matter entirely.

    This all started when we (Black Box Voting) hired Finnish security consultant Harri Hursti to help out in a "test hack" in Leon County FL where the county elections official (Ion Sancho) was worried about all this "Diebold" controversy.

    What Hursti found was pretty wild. In short: before the election, all the precinct memory cards are prepped from the central vote count box with the ballot and candidate data...normal enough. But the cards are also prepped with interpreted BASIC code loaded into all the memory cards to control the output of the summary counter printer at each precinct. Worse, if you mess around with that code loaded first at the central tabulator, you can make that end-of-day-printout read whatever you want...put in a vote-skimming routine, false numbers, whatever. Nothing in the system at the central or precinct ends checks for hashes or whatever to see if the BASIC code is legit. Said code can be date/time sensitive so that the machines will still pass Logic&Accuracy testing before or after the election. With the paper trail at the precinct dickered with, you can use the other major hack available - altering the central database of votes to match the precinct report paper. Not hard - the central database of votes is written in MS-Access so either load a commercial copy of Access and tweak by hand, or load/type a Visual Basic script to monkey with the JET database engine (the "Access back end") on autopilot.

    Net result: one thoroughly "pwned" election.

    The full report:

    http://www.blackboxvoting.org/BBVreport.pdf [blackboxvoting.org]

    Since then, *nobody* has tried to duplicate the Hursti results. If they're true, Diebold would have to do a nationwide recall and the Federally approved testing labs (Ciber Inc. in Huntsville AL and a division of Wyle also in Huntsville) would need a visit by people with badges, guns and search warrants.

    After the preliminary report on the Leon County hack was released but before the final report linked above, Bev Harris and I formally asked the California Secretary of State's office to check out the issues Hursti found, under yet another obscure clause of the California elections code, 19202:

    ---
    Any person or corporation owning or being interested in any voting system or part of a voting system may apply to the Secretary of State to examine it and report on its accuracy and efficiency to fulfill its purpose. The Secretary of State shall complete his or her examination without undue delay
    • I'm not sure a more informative reply (or at least interesting) is available in this discussion.
    • * They want US to do the hack, not them.

      Well that's about the only good thing in this list.

      * They want us to hack a Diebold optical scan version 1.96.6 system which has never been used or certified in California and has probably been modified *after* the Hursti report was released.

      What's the point in auditing something that has never been used, and for which there is not proof that it will ever be used, or that it won't be "upgraded" in the future?

      * The test conditions were to be very limited and with

      • Quoting:

        "I don't know what the right response is for you people, but clearly the state officials are being "handled" by Diebold here. You have to find some way expose or work against or break this down."

        Well we've "handled" it back so far by proposing a much more reasonable test protocol. No response yet from them.

        The thing about us doing the hack is, yes it'll be great if it's fair, but...OK, let's say the SecState's office does it, and it turns out later that what they tested was a classic "lab queen" Di
  • by Hosiah ( 849792 ) on Wednesday November 23, 2005 @11:04PM (#14105843)
    then doesn't it seem rather strange that the president who only has a 30% approval rating got elected by a majority only a year ago?
  • by MsGeek ( 162936 ) on Wednesday November 23, 2005 @11:40PM (#14105970) Homepage Journal
    http://www.openvotingconsortium.org/. A 100% F/OSS voting solution that can run on commodity hardware and F/OSS operating systems.
  • by Animats ( 122034 ) on Thursday November 24, 2005 @12:10AM (#14106093) Homepage
    The Nevada Gaming Control Board has a set of technical standards [nv.gov] for gambling devices. Those are a good, practical reference for something that has to resist tampering. Voting machine standards need to be at least as strong.

    A few excerpts:

    • A gaming device must exhibit total immunity to human body electrostatic discharges on all player-exposed areas. ... A gaming device may exhibit temporary disruption when subjected to electrostatic discharges of 20,000 to 27,000 volts DC through a network with a series resistance of 150 to 1500 ohms shunted by a capacitance of 100 to 150 picofarads, but must exhibit a capacity to recover and complete an interrupted play without loss or corruption of any stored or displayed information and without component failure.
    • Physical security. A gaming device must resist forced illegal entry and must retain evidence of any entry until properly cleared or until a new play is initiated. A gaming device must have a protective cover over the circuit boards that contain programs and circuitry used in the random selection process and control of the gaming device, including any electrically alterable program storage media. The cover must be designed to permit installation of a security locking mechanism by the manufacturer or end user of the gaming device.
    • Printer mechanisms on gaming devices must be designed to detect low paper, paper out, and paper jam conditions. The device control program must monitor the printer mechanism for these error conditions in all active game states that do not indicate error conditions.
    • All gaming devices which have control programs residing in one or more Conventional ROM Devices must employ a mechanism approved by the chairman to verify control programs and data. The mechanism used must detect at least 99.99 percent of all possible media failures.
    • All gaming devices having control programs or data stored on memory devices other than Conventional ROM Devices must: (a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman. (b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found. (c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information. (d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Conventional ROM Device that must be capable of being authenticated by a method approved by the chairman.

    Nevada asked the Gaming Control Board to take a look at voting machines. After that review, Nevada went to a paper trail in 2004.

  • by Jagasian ( 129329 ) on Thursday November 24, 2005 @08:15AM (#14107201)
    I am disappointed that edjucated engineers are crying out for a paper trail on for voting machines. We can use an all computerized system that lets everybody count the votes, and is secured via asymmetric encryption. Two public lists are maintained by the government. One list contains registered public keys. This list is generated during voter registration, when a person submits their typical voter registration info along with their public key and an optional request to be anonymous. If a person is anonymous, then only their public key is added to the list, and otherwise their name is also added. When people vote, they use their own computer to cast a vote via the web, and their vote consists of a pair:

    ( public key, encrypt( private key, ( public key, votes ) ) )

    Then anybody can have access to both lists. Anything that can be observed using a paper trail is now observable via a purely computerized system. Even better, since anybody has access to both lists, anybody can count the votes and anybody can audit the system.
  • Why? (Score:3, Insightful)

    by Cervantes ( 612861 ) on Thursday November 24, 2005 @01:05PM (#14108320) Journal
    I'm a computer geek... I hate paper... I automate everything I can get my hands on. But why, why, why, would you take a system that works, with checks and balances, and replace it with one full of holes?

    Paper ballots just plain work... I can see who I've voted for. I put it in a box, under the watchful eye of at least 2 independant people. Even more independant people watch as that box is opened and all the ballots counted and recounted... and then recounted again if the margin is close. Then that number is phoned in to the central office, again under the watchful eye of people who know the total. On the other end, yet more groups of independant people add all these numbers up... and poof, we have a new Prime Minister.
    (please note that "independant group" and "individuals from several different parties" are pretty much the same in my books, as far as the "Keeping it honest" factor)

    Or, we could have a computer ballot... tap the screen, hope that it records who you REALLY voted for.Hope that the card wasn't preloaded with hundreds of votes. Then the magic box magically talks to another magic box... hope that it tells it the right stuff... or that no one intercepts and feeds a fake number.... or no-one knows how to dial in and override results... or that no-one messed with the voting box itself to delete all votes and reset them.... Then we trust the big magic box to tell us the right number... and if it doesn't, how would we know? In several states, a 2-3% swing of the vote is enough to change who is President... and who's going to know? A piece of paper in your hand saying "You voted for X" is useless, because even if that piece of paper has a unique ID that matches up with the magic box database... well, just because it says "Vote#465213 was for Candidate A" doesn't mean that's what it told the big magic box at the end of the line.

    There's no outstanding reason to switch to computers... yes, they reduce required manpower, but (at least up here) many election folks are volunteers, so the cost is minimal. And frankly, I'd rather have dozens of independant eyes watching my vote, and watching who counts my vote, rather than trusting democracy to the magic boxes made by people who publicly promised Ohio to Bush.
  • by Catbeller ( 118204 ) on Thursday November 24, 2005 @01:38PM (#14108471) Homepage
    http://www.commonwonders.com/ [commonwonders.com]

    Poll Shock
    Off by 40 points, newspaper's predictions may be disturbingly accurate

    By ROBERT C. KOEHLER
    Tribune Media Services

    November 24, 2005

    One of the most wildly inaccurate pre-election polls in memory, which was off by over 40 points on some predictions, may prove to be deadly accurate as an indicator of the problems we face as a nation with our voting process -- and democracy itself.

    But you won't learn this by reading the Columbus Dispatch, the newspaper that conducted the poll just prior to Ohio's Nov. 8 election. The paper's public affairs editor conceded to me that the poll results the Dispatch wrote about, wrongly indicating massive public support for several proposed constitutional amendments, were, in essence, the journalistic equivalent of the explosion of the space shuttle Challenger.

    "Much like the American space program, both our triumphs and our shortcomings are out there for all to see," Darrel Rowland said in an e-mail. Unlike NASA, however, which did manage to find that faulty O-ring, the newspaper's powers that be don't seem particularly interested in learning how their big public flop occurred. "We'll certainly double-check the poll mechanics," he said, "but see no reason to discontinue a methodology that's proven accurate for decades."

    And Rowland's right, as far as I can tell: The Columbus Dispatch's survey of voters, conducted by mail, has historically been a reliable poll; it has been cited for its precision in the scholarly journal Public Opinion Quarterly and is considered far more accurate than telephone surveys. There is no faulty O-ring, in other words; the methodology doesn't need changing.

    And that's why there's a story here that must not be allowed to vanish.

    The story is about how America votes, and evidence that pandemic chaos and perhaps even centrally orchestrated malfeasance are accompanying the spread of electronic voting machines to the nation's precincts. We know there's cause to worry about the state of our democracy because of the historical accuracy of the Columbus Dispatch voter poll.

    Of the five proposed amendments on the Ohio ballot, only the first -- a $2 billion state bond initiative to promote high-tech industry -- was not related to the conduct of elections, and oddly enough its results were accurately forecast in the poll (predicted yes vote, 53 percent; final yes vote, 54 percent). Then it gets hairy.

    Issue 2 would have made absentee voting easier in the state. It had lots of high-profile support, and the Dispatch poll predicted a cakewalk for it: 59 percent yes, 33 percent no, 9 percent undecided. The actual result: 36 percent yes, a whopping 63 percent no.

    Then there was issue 3, which would have lowered the campaign-contribution limits that a lame-duck state legislature had raised a year ago. Prediction: 61 percent yes, 25 percent no, 14 percent undecided. Actual result: 33 percent yes, 66 percent no.

    The results of issue 4, to control gerrymandering by establishing an independent board to draw congressional districts, were only slightly less dramatic. Prediction: 31 percent yes, 45 percent no, 25 percent undecided. Result: 30 percent yes, 69 percent no. And for issue 5, to establish an independent board instead of the secretary of state's office to oversee elections, a 41 percent predicted yes vote shrank to 29 percent, while the no vote ballooned from 43 to 70 percent.

    Ka-boom goes the Challenger.

    Here's the telling thing. The Dispatch, member in good standing of the mainstream media, has no interest in raising doubts about the integrity of the U.S. electoral system, and so hasn't looked in that direction for an explanation of what voting-rights activist Bob Fitrakis called a polling error of "Landon beats FDR" proportions.

    Instead, the paper blames the notorious volatility of statewide referendum issues. Rowland hypothesized "a huge shift in the electorate in the last few

Murphy's Law, that brash proletarian restatement of Godel's Theorem. -- Thomas Pynchon, "Gravity's Rainbow"

Working...