• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

E-Voting: The Next Florida?

Presented for your viewing pleasure. A six page long and horribly damning article on the current state of e-voting security and incompetent coding.
Article
Bold is mine.
To many e-voting critics, the Rubin report highlighted serious problems with federal certification processes and standards, which they say addressed the functionality of voting systems but not their security.

"If the Diebold system made it through the certification process, then the certification process is really broken," Rubin said. There was no reason to believe that systems made by other vendors were any more secure, he said.

In fact, in a certification report for the Diebold system that Doug Jones read in 1997, an unnamed certifier for Wyle Laboratories called the Diebold system, which was then called the I-Mark Electronic Ballot Station, the best of the lot. "This is the best voting system software we've ever seen," the certifier wrote.

Embarrassed by the Rubin report, Maryland commissioned its own audit of the Diebold system, hoping to dispel concerns about the machines. But that report confirmed that the machines were poorly programmed and "at high risk of compromise."

Six months later, Maryland officials hired a group of researchers from Raba Technologies -- some of whom were former employees of the National Security Agency -- to hack into the Diebold systems during a simulated election. Again, they confirmed what the Johns Hopkins researchers had found.

"We could have done anything we wanted to," said William Arbaugh, a University of Maryland assistant professor of computer science and one of the hackers. "We could change the ballots (before the election) or change the votes during the election." Amazingly, Diebold interpreted the Raba report as positive. Diebold President Bob Urosevich said in a statement that the report confirmed "the accuracy and security of ... our voting systems as they exist today."

Maryland officials seemed to agree. Despite three reports detailing serious security problems, election officials continued to support the voting machines and the vendor.

Linda Lamone, Maryland's chief election official, told reporters her confidence in the system was unshaken because it had passed "the one certification process that matters most -- an election. The system performed flawlessly and earned the trust of Maryland's election officials and voters."
Click to expand...

Performed flawlessly? How in the world do they know?

Personal opinion only, but if people are to have faith in the system then the coding should be open source and not proprietary. A voter verifiable hard copy of their vote should be displayed, maybe under glass, and then saved in the machine for possible recount if necessary.

edit to add...
Remember Windows is proprietary and not open source. Think of the flaws that have been found in that.
 
If there's a hole big enough to drive a truck through, a truck will be driven through it.
 
BobK said:
edit to add...
Remember Windows is proprietary and not open source. Think of the flaws that have been found in that.
Click to expand...

It's no worse than what Linux and Unix has.

I have come to not trust "e-voting," I think one of the solutions is to have the machine print out a "receipt" that they can then but in the ballot box which then in the future can be used in the re-count.
 
Grammatron said:


It's no worse than what Linux and Unix has.

I have come to not trust "e-voting," I think one of the solutions is to have the machine print out a "receipt" that they can then but in the ballot box which then in the future can be used in the re-count.
Click to expand...
A very simple solution.
 
SAN FRANCISCO -- At least five convicted felons secured management positions at a manufacturer of electronic voting machines, according to critics demanding more stringent background checks for people responsible for voting machine software.

Voter advocate Bev Harris alleged Tuesday that managers of a subsidiary of Diebold, one of the country's largest voting equipment vendors, included a cocaine trafficker, a man who conducted fraudulent stock transactions and a programmer jailed for falsifying computer records.

The programmer, Jeffrey Dean, wrote and maintained proprietary code used to count hundreds of thousands of votes as senior vice president of Global Election Systems, or GES. Diebold purchased GES in January 2002.

According to a public court document released before GES hired him, Dean served time in a Washington state correctional facility for stealing money and tampering with computer files in a scheme that "involved a high degree of sophistication and planning."

"You can't tell me these people passed background tests," Harris, author of Black Box Voting: Ballot Tampering in the 21st Century, said in a phone interview.

Diebold spokesman Michael Jacobsen emphasized that the company performs background checks on all managers and programmers. He said many GES managers -- including Dean -- left at the time of the acquisition.

http://www.wired.com/news/evote/0,2645,61640,00.html?tw=wn_tophead_3
 
Broward County, Florida - January 6, 2004
In a Special Election for a vacated state House Seat, 134 voters’ votes were not counted. They went to the polls, they signed in, and they went to the DREs; but their votes were never counted.

''It's incomprehensible that 134 people went to the polls and didn't cast votes,'' said Broward County Mayor Ilene Lieberman, who served on the canvassing board that oversaw Tuesday night's count.
(Source: The Miami Herald, 7 Jan. 2004; link)

A later article points out the problem election officials face: “The remaining 134 invalid ballots cannot be manually recounted because they were cast electronically on computerized voting machines and there is no written record of those votes.” The former mayor remarked, "That tells me they picked a voting machine that doesn't follow the [law]." Florida law requires a manual recount if the winning margin accounts for less the one-fourth of one percent of the votes, as it does in this case with a margin was 12 votes. But without paper records a recount is impossible.

And this wasn't the only electronic counting problem that day: "Julie Morrall, who finished fifth, lost a vote when officials discovered one ballot was actually an overvote, in which the voter selected more than one candidate, and a tabulation machine misread it."
(Source: The Sun Sentinel, 9 Jan. 2004; link)
 
The part I really don't understand is why the companies are delivering inadequate software to testing companies. The only process performed is to add 1 to a counter. We're not talking about monitoring a dozen variables in order to calculate re-entry angles and thrust burns in real time. If you can't write a decent voting program and turn a profit at the same time, you shouldn't be in business. WTF.
 
I forgot I started a thread on this a year ago

http://www.randi.org/vbulletin/showthread.php?s=&threadid=16468&highlight=e+voting+the+next+florida

Well, anyway, an update on how your vote has been given enhanced value:

"WASHINGTON - When the nation turns out to cast ballots in this fall's elections, the voting system will be in no better shape than it was in 2000, a panel of voting experts said Friday. "
http://news.yahoo.com/news?tmpl=sto...0409/ap_on_re_us/election_reforms_2&printer=1

Correct me if I'm wrong, and I'm sure you will, and I'm often wrong, all we have is the vote and the gun.
When they take away one, only one is left. My personal preference is for one person, one vote.
 
I just found this thread, and I haven't bothered to read the whole thing, so apologies if my points have been brought up before. But as a technology professional, I must say I wouldn't trust any e-voting system that didn't at the very least have the following qualities:

1) Open source, allowing for massive citizen review of the code.
2) A paper trail; I envision voters making their selection on a touch screen, their vote is recorded by printing it on a sheet of cardstock in an OCR font, and when they're finished it drops into a little window in front of them for review, with two buttons below, Accept and Reject. Accept and the vote gets scanned and recorded, Reject and it goes through a shredder and the voter tries again.
3) An isolated system. Not hooked up to ANYTHING. Also securely locked in the kiosk with no wireless technologies at all being used. You really want to stop these things from being hacked. And in the event that they are, or are suspected to have been, the OCR paper trail makes it very easy to do recounts.

That's the MINIMUM an e-voting system should be for me to even start to be comfortable about it.
 
How E-Voting Threatens Democracy
Wired News

In January 2003, voting activist Bev Harris was holed up in the basement of her three-story house in Renton, Washington, searching the Internet for an electronic voting machine manual, when she made a startling discovery.

Clicking on a link for a file transfer protocol site belonging to voting machine maker Diebold Election Systems, Harris found about 40,000 unprotected computer files. They included source code for Diebold's AccuVote touch-screen voting machine, program files for its Global Election Management System tabulation software, a Texas voter-registration list with voters' names and addresses, and what appeared to be live vote data from 57 precincts in a 2002 California primary election.

"There was a lot of stuff that shouldn't have been there," Harris said.

The California file was time-stamped 3:31 p.m. on Election Day, indicating that Diebold might have obtained the data during voting. But polling precincts aren't supposed to release votes until after polls close at 8 p.m. So Harris began to wonder if it were possible for the company to extract votes during an election and change them without anyone knowing.

Harris discovered that she could enter the vote database using Microsoft Access -- a standard program often bundled with Microsoft Office -- and change votes without leaving a trace. Diebold hadn't password-protected the file or secured the audit log, so anyone with access to the tabulation program during an election -- Diebold employees, election staff or even hackers if the county server were connected to a phone line -- could change votes and alter the log to erase the evidence.

"It was getting scarier and scarier," Harris said. "I was thinking we have an immense problem here that's much bigger than me."

Read entire article...
http://www.blackboxvoting.com/
 
Ladewig said:
The part I really don't understand is why the companies are delivering inadequate software to testing companies. The only process performed is to add 1 to a counter. We're not talking about monitoring a dozen variables in order to calculate re-entry angles and thrust burns in real time. If you can't write a decent voting program and turn a profit at the same time, you shouldn't be in business. WTF.
Click to expand...

Indeed. Your local server only has to handle, what, maybe 100 simultaneous connections at the most? This is trivial stuff. Any reasonably competent programmer/sysadmin should be able to patch together a working backend with Linux/BSD, Apache, Perl, and MySQL.
It's a project that second-year CS students could do well.
 
Diebold and the others have been in business a while.....if there's a hole in the system a truck could drive through, its there for a reason: a truck will drive through it.
Who's driving the truck?
 
subgenius said:
Diebold and the others have been in business a while.....if there's a hole in the system a truck could drive through, its there for a reason: a truck will drive through it.
Who's driving the truck?
Click to expand...

Microsoft has been inbusiness for awhile, and Windows still has many holes you could drive a truck through. These things happen. The only solution here is to make it Open Source. Not only do the public have a right to know how the voting machines work, Open Source gets more eyeballs on the code and increases the amount of testing and detection of security bugs.
 
Legislators Wary of Electronic Voting
Fri Apr 23, 8:17 PM ET Add U.S. National - AP to My Yahoo!

By RACHEL KONRAD, AP Technology Writer

SAN JOSE, Calif. - A growing number of federal and state legislators are expressing doubts about the integrity of the ATM-like electronic voting machines that at least 50 million Americans will use to cast their ballots in November.


Computer scientists have long criticized the so-called touchscreen machines as not being much more reliable than home computers, which can crash, malfunction and fall prey to hackers and viruses.


Now, a series of failures in primaries across the nation has shaken confidence in the technology installed at thousands of precincts. Despite reassurances from the machines' makers, at least 20 states have introduced legislation requiring a paper record of every vote cast.


On Thursday, a key California panel unanimously recommended banning a popular Diebold Inc. paperless touchscreen model — a move that could force Diebold and other manufacturers to overhaul their business practices nationwide. Secretary of State Kevin Shelley, who said Diebold glitches "jeopardized the outcome" of the March 2 primary, has until April 30 to decide whether to decertify Diebold and possibly other touchscreen terminals in California.

http://news.yahoo.com/news?tmpl=sto...e_us/electronic_voting_challenged_5&printer=1
 
High-Tech Voting System Is Banned in California
By JOHN SCHWARTZ

Published: May 1, 2004

California has banned the use of more than 14,000 electronic voting machines made by Diebold Inc. in the November election because of security and reliability concerns, Kevin Shelley, the California secretary of state, announced yesterday. He also declared 28,000 other touch-screen voting machines in the state conditionally "decertified" until steps are taken to upgrade their security.

Mr. Shelley said that he was recommending that the state's attorney general look into possible civil and criminal charges against Diebold because of what he called "fraudulent actions by Diebold."

In an interview, Mr. Shelley said that "their performance, their behavior, is despicable," and that "if that's the kind of deceitful behavior they're going to engage in, they can't do business in California."
...
At public hearings about the voting problems, Robert J. Urosevich, president of Diebold Election Systems, said in the company's defense, "We're not idiots, though we may act from time to time as not the smartest."

A report issued by Mr. Shelley's office on April 20 accused the company of breaking state election law by installing uncertified software on machines in four counties. It said that Diebold installed systems that were not tested at the federal level or certified at the state level, and that Diebold lied to state officials about the machines.

http://www.nytimes.com/2004/05/01/national/01VOTE.html?th
 
May 12, 2004
Executive Calls Vote-Machine Letter an Error
By JOHN SCHWARTZ

Walden W. O'Dell, the chairman and chief executive of Diebold Inc., said on Monday that it had been a "huge mistake" for him, as the head of a voting machine company, to express support for President Bush's re-election in a fund-raising letter last year. Mr. O'Dell also said the company was working to address computer security problems and build voter confidence in its wares.

In a meeting with reporters and editors from The New York Times, Mr. O'Dell by turns apologized for mistakes and stood up for what he said the company had done right.

"The country had a crisis" after the 2000 debacle, he said; his company realized that "we could help; it would be an opportunity to serve, and it would be a good business."

Mr. O'Dell drew criticism of his company in August when he sent an invitation to a fund-raising party that said, "I am committed to helping Ohio deliver its electoral votes to the president next year." He said he had not written it himself, though he declined to say who had, and intended only to sign a "party invitation."

Mr. O'Dell said that he had since dropped out of all political activity and that the company would not support political parties "so long as we are in the voting business."
....
http://www.nytimes.com/2004/05/12/politics/campaign/12vote.html?pagewanted=print&position=

No reason for concern there.
 
You must log in or register to reply here.

Back
Top Bottom