Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hotel Minibar Key Opens Diebold Voting Machines

kdawson posted more than 7 years ago | from the expensive-miniatures-and-macademia-nuts dept.

341

Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."

cancel ×

341 comments

Why would we expect anything else? (5, Insightful)

KingSkippus (799657) | more than 7 years ago | (#16131684)

I know I'm preaching to the Slashdot choir, and it's been said a thousand times before, but as long as we have closed voting processes, we're going to have people screwing up by doing things like having voting machines accessible with hotel minibar keys. We hate Microsoft for their closed-source software, yet we continue to accept this kind of idiocy.

Quick question: If we have viable alteratives, such as those presented by the Open Voting Consortium [openvotingconsortium.org] , why do we continue to bother with these stupid Diebold machines? I know, dumb answer, because Diebold pays the people who decide lots and lots of money.

I would say write to your Congresscritters [vote-smart.org] and let them know that you want these screwed up pieces of junk out of our polling locations, but like I said, I know I'm preaching to the Slashdot choir, and you won't do it. >:-( But realistically, just know that until you do, we can look forward to many, many more articles about this kind of thing. Ooh, at least until we see the one that says, "Electronic voting machines hacked! Election results tainted!." Or even better, when we see nothing at all and Richard M. Stallman is mysteriously elected President in a write-in landslide.

sigh Oh well, it was worth a shot. Just give me my damn +5 and go back to reading about lasers on Intel's chips now.

Re:Why would we expect anything else? (3, Insightful)

daveschroeder (516195) | more than 7 years ago | (#16131718)

Open source systems are just as useless as the Diebold equipment without a permanent voter-verified paper trail.

It's no surprise that enterprise and commercial vendors of all stripes will maintain closed and proprietary software.

What we need to require is a permanent, voter-verified, auditable paper trail, as I have discussed here [slashdot.org] .

That's the easiest and simplest course of action, and is a goal we should all be working toward, rather than trying to unseat established enterprise equipment vendors.

---
Temporary disclaimer, since this seems to have been an issue for people reading my posts lately: I am not a Republican, did not vote for Bush in the last election, and have always voted for more non-Republican (usually Democratic) candidates since I have been voting.

Re:Why would we expect anything else? (5, Informative)

KingSkippus (799657) | more than 7 years ago | (#16131819)

Open source systems are just as useless as the Diebold equipment without a permanent voter-verified paper trail.

Dude, RTF Site [openvotingconsortium.org] :

The OVC recommended procedure for tabulating elections relies on a paper ballot that is then fed through a scanner into a locked ballot box so that all originals are saved in case of the need for a recount or audit.

Just for pointing that out, I want another damn +5!

Re:Why would we expect anything else? (1, Insightful)

daveschroeder (516195) | more than 7 years ago | (#16131857)

I know that they and others advocate for a paper trail; but for those reading the grandparent thinking "open source" is the solution, my point is that by itself it's not: as I said, open source is just as useless without a paper trail.

And further, initiatives designed to unseat traditional enterprise and commercial vendors in this space may have less chance of getting anything done than just simply working for a paper trail on ANY systems in use, no matter where they come from, "open" or no.

Open Source vs Open Process (4, Insightful)

Ahnteis (746045) | more than 7 years ago | (#16132134)

I think the distinction that needs to be made here is that voting needs to be an open process -- not just use open source software, but apply some of the same principles. (Mainly that ANYONE can verify the voting process is valid.) So things like paper trails, open source software, and voting officials who can actually verify what is going on (because with diebold, all they can do is lug the boxes around).

Just admit you were wrong (0, Flamebait)

Reality Master 201 (578873) | more than 7 years ago | (#16132155)

Honestly, people make mistakes. You come off as a much classier person when you just acknowledge them.

Just because you're a conservative doesn't mean you have to act like an ass.

Re:Why would we expect anything else? (5, Funny)

Anonymous Coward | more than 7 years ago | (#16131892)

All this cuffuffle about voting. We should just leave it for the President to decide. He seems to make good decisions.

Re:Why would we expect anything else? (4, Funny)

Kesch (943326) | more than 7 years ago | (#16131784)

Or even better, when we see nothing at all and Richard M. Stallman is mysteriously elected President in a write-in landslide.


The more I think about this, the more this seems to be a nice solution. Get a bunch of geeks armed with minibar keys and flash cards. Once Mario and Yoshi are the leading candidates in 14 different states, the public will be sure to take voting security seriously.

Of course you will have to deal with a huge election fiasco along with finding enough people willing to commit election fraud.

Re:Why would we expect anything else? (0)

Anonymous Coward | more than 7 years ago | (#16131874)

Of course you will have to deal with a huge election fiasco along with finding enough people willing to commit election fraud

Or a single person does this [slashdot.org] . Yes, there are some things which are probably not as easy as it seems with that method, but it should be possible to work around that!

Re:Why would we expect anything else? (5, Interesting)

TubeSteak (669689) | more than 7 years ago | (#16131936)

The more I think about this, the more this seems to be a nice solution. Get a bunch of geeks armed with minibar keys and flash cards. Once Mario and Yoshi are the leading candidates in 14 different states, the public will be sure to take voting security seriously.
Honestly, I don't think that is the solution.

A more relevant question is: What are the penalties (criminal or civil) for using a key to open a voting machine during polling and doing nothing else.

You don't have to actively fsck things up to get the machine pulled. IMHO, merely opening the machine up would make for a good act of civil disobediance.

If the punishment is not something trivial, videotape yourself in the act and release it anonymously onto the internet the same day.

Even if the election officials do absolutely nothing, it'll show up on the evening and nightly news. That will be good or bad, depending on your perspective, but will definitely be noticed.

Re:Why would we expect anything else? (3, Insightful)

FLEB (312391) | more than 7 years ago | (#16131982)

You don't have to actively fsck things up to get the machine pulled. IMHO, merely opening the machine up would make for a good act of civil disobediance.

Or, if that's even too heavy for your tastes, just get everyone you know to wear an office furniture key jewelry (on a necklace or lanyard, perhaps) on voting day. T'would make 'em nervous, no doubt.

Re:Why would we expect anything else? (1, Insightful)

Wiseleo (15092) | more than 7 years ago | (#16131948)

The GOP already does that on a regular basis... Competition is good for the business ;-)

Re:Why would we expect anything else? (1)

Esion Modnar (632431) | more than 7 years ago | (#16131988)

Assuming there were a group of people conspiring to steal the next election in a most subtle way, the best way to publicly destroy their intended means is to coopt said means for the purpose of "electing" anybody who is currently on the ballot but is obviously not in the running. The errors would be blatantly obvious, and they would have no choice but to agree with the majority that the voting machines must go. (That, or validate RMS as the next POTUS, grumble, grumble...) They'd just have to fall back on their old plans of brain-washing the masses.

Re:Why would we expect anything else? (1)

karrot (785000) | more than 7 years ago | (#16131876)

It seems the only way to make the point would be to pick a fictional character, like Wile E. Coyote (Super Genius) or the "I'm just a Bill" character, and rig the election controlled by the Diebold machines.

Re:Why would we expect anything else? (4, Funny)

RumGunner (457733) | more than 7 years ago | (#16131894)

You raise a number of valid points, and while I...

Wait a minute... Did you say lasers !?!

Re:Why would we expect anything else? (1)

wondafucka (621502) | more than 7 years ago | (#16131928)

I've got a huge pile (>300) of magnetic ribbons that say "Demand Open Source Voting" that I will GIVE away to someone that can prove they will use it as a fundraising premium to fight for open sourced voting initiatives (Or equivalent) I've offered it to Blackbox Voting and a couple of other groups to no avail. I just want them to be gone and to have them affect the world in a positive way

Ribbons [pomosideshow.com] Just email opensource at pomosideshow dot com.

Re:Why would we expect anything else? (2, Interesting)

Zaphod2016 (971897) | more than 7 years ago | (#16131932)

I propose an addition to the /. mod system: +5, it had to be said

Keep fighting the good fight, brother.

Heres why : (2, Insightful)

unity100 (970058) | more than 7 years ago | (#16132087)

Quick question: If we have viable alteratives, such as those presented by the Open Voting Consortium [openvotingconsortium.org], why do we continue to bother with these stupid Diebold machines? I know, dumb answer, because Diebold pays the people who decide lots and lots of money.

Things like Diebold are needed tools for fixing elections.

Republicans may not like it, but their candidates for the last 2 elections had the elections fixed.

Nomatter what you do, unless entire entourage of republican party officiers in counties related to suspicious activity are fired off, republican party will always carry a stain of dishonor.

Re:Why would we expect anything else? (1)

thelost (808451) | more than 7 years ago | (#16132130)

It's lasers on frikkin' sharks, or have a missed something?

If people were to turn up at their voting station and sabotage or destroy the machines, en mass I imagine they would end up in jail for a long stretch? However if it was in my own country I would be tempted to do just that. If you appeal to your congressmen and women and they do nothing, and another joke of an election took place would people be prepared to stand up against it?

Re:Why would we expect anything else? (2, Insightful)

Moofie (22272) | more than 7 years ago | (#16132204)

"why do we continue to bother with these stupid Diebold machines? "

Indeed. It's almost like the people who run elections have a vested interest in preventing anybody other than the Republicans or Democrats from controlling elections.

Shocking, that.

Where can I buy one of these voting machines? (4, Funny)

east coast (590680) | more than 7 years ago | (#16131686)

I'd like to have access to the minibar.

Re:Where can I buy one of these voting machines? (0)

Anonymous Coward | more than 7 years ago | (#16131735)

They give you the key for free. The drinks will cost you.

Re:Where can I buy one of these voting machines? (1)

db32 (862117) | more than 7 years ago | (#16132168)

Just wait until there is enough problems they start throwing them out and buy one from some surplus dump or something. Think about it...free drinks at every place with a minibar, awesome if your work has you traveling frequently. (Yes, the key is free, the drinks cost you, but if they didn't give you the key you just blame it on the last guy there or the cleaning folks, hell they are probably illegals anyways) :)

What's needed now (5, Insightful)

daveschroeder (516195) | more than 7 years ago | (#16131688)

Electronic systems - including electronic voting machines [princeton.edu] - will always be able to be tampered with, no matter who makes them, no matter what their CEOs stupidly say, no matter what ongoing audit mechanisms are implemented, whether they're open or proprietary, and no matter what legislation or other initiatives mandate or recommend them.

Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one.

Remember, too, that voting legislation, in large part in response to issues in the 2000 election, designed to ensure fair, uniform, and universal access to voting for all citizens by mandating electronic voting equipment, such as HAVA (2002) [fec.gov] , were Democratic and bipartisan efforts.

The real issue is that Congress screwed up: they inherently, and erroneously, believed that since we trust so many critically important things to machines, certainly reliable electronic voting is possible, and indeed, we use automation, computers, and machines in almost every aspect of our lives to increase efficiency and reliability - why should voting be any different?

Except for one problem: when you're trying to administer a one-vote-per-person system that also maintains anonymity, and also disallows any external entity from discovering who voted for which candidates, when there is no permanent, voter-verified paper trail, the system as a whole cannot be trusted, since any level of security will always be able to be overridden. This has nothing to do with open source versus proprietary, or how shoddy physical security on e-voting systems is. A permanent, voter-verified paper trail solves all of these problems.

The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability. All of the major e-voting vendors - Diebold, ES&S, and Sequoia - have this capability, but it's an add-on that requires retrofitting existing equipment, or in some cases, purchasing new equipment. And that takes money many counties and municipalities - particularly in the most hotly contested areas - don't have. (Hint: it's not just poor areas that have long lines [slashdot.org] )

Our focus now should be on passing legislation that requires permanent voter-verified paper trail capability on all newly deployed e-voting systems, and allocates funds and creates a timeline for deployment on existing systems. Please, continue to raise this issue with both your county election officials and your elected representatives.

This issue is too important and too critical to the integrity of our election process to let rest.

---
Temporary disclaimer, since this seems to have been an issue for people reading my posts lately: I am not a Republican, did not vote for Bush in the last election, and have always voted for more non-Republican (usually Democratic) candidates since I have been voting.

Re:What's needed now (1)

Billosaur (927319) | more than 7 years ago | (#16131834)

Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one.

But there shouldn't be a key management issue; only one person at a polling place should be carrying the key to the machines at any time. Part of the issue is not just the mechanism, for cheating has been a part of voting since the Greeks were dropping clay markers in urns, but the management of the voting process. I doubt any causal person would ever stumble upon this particular nugget, but the potential is always there and it pays to add whatever extra level of security can be obtained by making the keys unique and more complex.

NOT A RECEIPT! (5, Insightful)

argent (18001) | more than 7 years ago | (#16131838)

The only problem is that no legislation mandating electronic voting systems includes or speaks to any provisions requiring permanent paper receipt printing capability.

Do not use the word "receipt" in this context. A receipt is something that you take with you, as a personal record of a transaction. A receipt is worse than useless here... you don't WANT people to be able to show the party bosses that they voted the "right way".

What is needed is a "permanent paper ballot capability", where the ballots are retained at the voting place and serve as the primary official paper (ahem) trail.

Re:NOT A RECEIPT! (1)

daveschroeder (516195) | more than 7 years ago | (#16131884)

Yes, when I say "receipt", I don't mean it as something someone takes with them, though "receipt printers" are discussed generically in this context. I am in no way insinuating or implying people should get a piece of paper to take along with them. All I'm talking about is a piece of paper that can be verified by the voter, at that time, and then gets stored in accordance with the same mechanisms we've used for voting for decades.

Who benefits from shoddy vote counting equipment (2, Insightful)

Harmonious Botch (921977) | more than 7 years ago | (#16132017)

"Finding out that computer systems can be tampered with and that some large-scale enterprise-class systems can have shoddy security, physical and otherwise, should come as no surprise to us, particularly in this community. On this particular issue, a generic security key is used because of key management issues and the fact that casual access is what's being prevented. Neither of which excuses this or any of the numerous other glaring shortcomings and flaws in this equipment. No one - citizen, politician, or party - benefits from universally shoddy security on electronic voting systems. No one."

Sorry, but I disagree with one part what is otherwise an insightful post. Some people do benefit from shoddy vote counting equipment. Who? The party machinery of the two major parties who already have people in the polling places.
There are three qualifications for a person(s) who benefits:
1) they have to have a reasonable excuse for being in physical proximity to the machine.
2) They have to have a reasonable excuse for having a key. According to TFA, this is easy.
3) They have to be part of a group for whom a small margin of change change results in a benefit. ( if a Dem or Rep gets 51% instead of his predicted 48%, nobody really suspects. When some third party candidate gets 51% instead of his predicted 3.5%, that is too obvious. )

There are people who benefit. Unfortunately, these are the same bunch of people who give their stamp of approval on voting machines. The wolves are in charge of the henhouse here.

Re:What's needed now (1)

khallow (566160) | more than 7 years ago | (#16132150)

Except for one problem: when you're trying to administer a one-vote-per-person system that also maintains anonymity, and also disallows any external entity from discovering who voted for which candidates, when there is no permanent, voter-verified paper trail, the system as a whole cannot be trusted, since any level of security will always be able to be overridden. This has nothing to do with open source versus proprietary, or how shoddy physical security on e-voting systems is. A permanent, voter-verified paper trail solves all of these problems.

No, it doesn't. It just raises the threshhold required to corrupt the system. After all, you already discussed the old ways in which ballot boxes can be stuffed, right? We need to be accurate in describing how this improves things.

About that HAVA... (1)

skids (119237) | more than 7 years ago | (#16132151)


I agree with most of your points, but HAVA was written just like all other bills get written these days, by the majority party in cooperation with the big business interests they represent. It was a snow job.

Oh yeah, and the primary lead legislator of HAVA is now on his way to jail.

It's a selling point! (2, Insightful)

garcia (6573) | more than 7 years ago | (#16131700)

They might as well hand them out like candy.

And that's exactly what the politicians are looking for.

Moo (4, Funny)

Chacham (981) | more than 7 years ago | (#16131702)

the key in question is a utilitarian type

That's the problem right there. You should never religion and state, it always makes one cross.

super key? (5, Funny)

192939495969798999 (58312) | more than 7 years ago | (#16131713)

Let me see, this key opens voting machines, mini-bars, jukeboxes, etc? Sounds pretty shiny, where do I get one! I need to add it to my lil' bastard music-copying, alcohol-drinking, electrion-throwing kit.

Can't say I'm surprised... (2, Insightful)

TripMaster Monkey (862126) | more than 7 years ago | (#16131715)


After all, these machines were never seriously designed with security in mind...they were designed to be easily compromised.

I think I'll take a hotel minibar key down to my local ATM to see if I can score some free money. If Diebold is honestly this incompetent, it'll be a snap. If, however, the voting machines are specifically designed to be compromised, I'll probably have a harder time of it.

Any bets on the outcome of my little experiment? Didn't think so.

Re:Can't say I'm surprised... (4, Insightful)

daveschroeder (516195) | more than 7 years ago | (#16131783)

After all, these machines were never seriously designed with security in mind...they were designed to be easily compromised.

That's bullshit, and you know it.

When these systems are vulnerable, it's just as easy for ANYONE to take advantage of that fact. Not one party or one political stripe.

As for ATM security:

Citibank ATM fiasco "worst ever" [boingboing.net]
ATM reprogrammed to give out 4 times more money [hamptonroads.com]
Diebold ATMs hit by Nachi worm [interesting-people.org]

Re:Can't say I'm surprised... (1)

Rufus211 (221883) | more than 7 years ago | (#16131915)

As for ATM security:

Well, the first link has absolutely nothing to do with ATMs. The second two are along the lines of what has previously been reported. However this latest breach would be as if someone could walk up, use a $5 key to open the ATM, and walk out with all the money in the system. ATMs, even diebold's, are at least built with descent physical security, unlike these voting machines.

Re:Can't say I'm surprised... (0)

Anonymous Coward | more than 7 years ago | (#16132178)

An ATM costs at least $10,000, not counting the cash you stock it with. But I doubt anyone is willing to pay more than $1,000 for a voting machine. So it's natural that the voting machine will have cut-rate security.

Might as well switch to paper ballots. The security there is non-existent (easy to 'lose' the ballots... and trivial to stuff extra ballots in) but at least there's no illusion of security. And it's way cheaper.

Personally, I suspect that election boards keep choosing voting machines -- in spite of all their problems -- because they get some kind of kickbacks. You know, travel junkets to go 'see the factory', attend workshops, and so on, with plenty of free time to see the sights, have some nice dinners, and of course no decision can be signed without a three-martini lunch.

Re:Can't say I'm surprised... (3, Interesting)

spun (1352) | more than 7 years ago | (#16132081)

That's bullshit, and you know it.

Really, do you think so? On the surface, that's a perfectly rational response, I mean, everyone has the same access to these machines, right? What's the point of deliberately making a system everyone can cheat at?

Perhaps not everyone does have the same access. Peerhaps certain voting machine companies favor one party or the other, and provide detailed instructions to their favored candidates. Perhaps something is going on further behind the scenes, giving certain favored groups privileged access to the counting machines themselves, making cheating at the machine level a moot point.

It just seems odd that a company with the skills to make ATM machines nearly impenetrable can't make a voting machine as secure. The track record of ATMs seems to rule out incompetance. Despite your scanty anecdotal evidence to the contrary, ATMs are on the whole very secure. Banks are notoriously picky about that sort of thing, and any company that could not make a secure ATM would find themselves out of the ATM market very quickly, and probably facing massive lawsuits.

What, then, is your explanation of why these machines are so insecure?

Re:Can't say I'm surprised... (4, Interesting)

Minwee (522556) | more than 7 years ago | (#16132180)

When these systems are vulnerable, it's just as easy for ANYONE to take advantage of that fact. Not one party or one political stripe.

The phrase you are looking for is "Plausible Deniability". If you design a machine that can only be comprimised by a single party then you're clearly a crook. If it can be hacked by a pre-school class with plastic hammers then you can claim to be merely hopelessly incompetant.

Re:Can't say I'm surprised... (1)

955301 (209856) | more than 7 years ago | (#16132220)

Sort of. If you are in charge of the US government, you are in charge of *a* government. And a government has inefficiencies in every section. If you deal with these in the areas that are important to you and leave them in the areas which are not, this is equivalent to putting the inefficiencies in selected places. Are you a programmer? It's comparable to a mask.

For example, let's say you have an agency that collects taxes. The tax agency has inefficiencies in it. Let's say the agency has problems with cashing incoming tax checks and reimbursing overpayments. Depending on which of these is more important to you, the efficiency will be dealt with and resolved. If you lead the government, accounts receivable are important to you and payable are not as important. Therefore the cashing of incoming checks is improved until it is almost instantaneous and overpayments are resolved once a year. Make sense? Sound familiar?

Now, let's say your government (meaning the one you control) is managed by wealthy people and you have an agency that aids regions during natural disasters...

Then, let's say your government is securely in your control, yet is responsible for collecting citizen's votes...

The inefficiencies which are important to you get attention, the one's which either benefit you or you are indifferent to do not.

The obvious solution is money (1)

WillAffleckUW (858324) | more than 7 years ago | (#16131917)

If we gave each voter their income tax refund $100 (ok, borrowed from SS reserves, whatever) in cash at the ballot box, you'd quickly see ballot machine security become very very important.

Throw some money into the equation and change the end result.

Better than Penny-Arcade (2, Funny)

TrippTDF (513419) | more than 7 years ago | (#16131720)

I just spit chipotle on my desk when I read the headline. Man, that's comedy.

Unfortunatly...

Re:Better than Penny-Arcade (1, Informative)

Anonymous Coward | more than 7 years ago | (#16132018)

Chipotle? Had to look that one up. Turns out it's NOT slang for man-juice.
From wikipedia : Chipotles (pronounced chee-POHT-lays) are smoke-dried jalapeños used primarily in Mexican- and Mexican-inspired cuisine.

I wonder what kind of moderation this post will get ;-)

Wonderful (2, Interesting)

parasonic (699907) | more than 7 years ago | (#16131722)

Call a locksmith with an IQ greater than that of a grape, and he can come up with a solution. I have NO faith in Diebold. It's just another one of those large contractors that always get the bid because they were around first. Newer companies (read, non-stagnant) could create a working product for a tenth of the cost.

And why does Diebold design these machines in such a way that they *CAN* be hacked? I think that involving an Operating System and software in the design of such a machine is a critical error. As a computer engineer, I realize that overcomplicating things can lead to errors. DSP's can make hardware extremely cheap, but there are places where analog circuits are cheaper and more realiable! Why hasn't Diebold designed a hardwired electronic circuit or a mechanical system with failsafes such that the machine can't be hacked, and the wrong candidate will not be selected if the machine fails? There are so many places where their current design can and will go wrong. I believe that it's time for these loonies (or preferrably someone else who has more sense) to come up with a more rudimentary and failsafe design!

while we're on the topic (1)

brunascle (994197) | more than 7 years ago | (#16131729)

Princeton's Center for Information Technology Policy has an excellent demonstration video [princeton.edu] showing how to hack a Diebold AccuVote-TS voting machine.

you'll need the right memory card, knowledge of the software (which you could learn at your leisure), a lock pick set or a screwdriver, and a few minutes alone with the machine

You would be amazed at what keys will open what (2, Interesting)

antifoidulus (807088) | more than 7 years ago | (#16131737)

for example, common car keys can easily open most McDonald's registers. I guess if you just go sticking enough keys into something, one is bound to work...

Re:You would be amazed at what keys will open what (1)

brunascle (994197) | more than 7 years ago | (#16131764)

they sometimes (or at least they used to) use the same key for different cars, too. my aunt once drove home the wrong VW Bug. hers was yellow. she drove home in a green one.

Re:You would be amazed at what keys will open what (3, Funny)

nizo (81281) | more than 7 years ago | (#16132109)

I think the same thing happened the last time I voted.

Re:You would be amazed at what keys will open what (5, Informative)

John3 (85454) | more than 7 years ago | (#16131867)

Most of those smaller lock cylinders use the same key patterns. Those desk drawer keys and cabinet keys use a very common key blank (usually a Y11 based on a Yale brand cylinder) and from that point there are only a few combinations of cut. Cash drawer manufacturers and receipt printer companies use the same common key, so that explains why you can open McDonald's cash registers..you can likely open mine as well. For cash drawers the key is really just functioning as a latch...same wtih desk drawers and cabinets. A determined thief will get in anyway so it's just to keep the casual thief from pulling the drawer open without delay.

For a voting machine one would hope that they would have used more secure cylinders like the round 7-pin cylinders or maybe Medeco style. The voting machine locks should be at least as secure as unattended machines that hold money, like soda machines, slot machines, even pay phones. Those machines have secure locks with tough-to-duplicate keys. I guess protecting Pepsi is more important than our protecting electoral process.

John

Re:You would be amazed at what keys will open what (1)

Tony Hoyle (11698) | more than 7 years ago | (#16131984)

I used to have a key I called my 'magic key'. It was a floppy disk holder key, and I found out it was just the right shape to open just about *any* floppy disk holder key. Then I found out it could open luggage, certain types of safe, all sorts of stuff. They didn't have voting machines then alas...

Basically if anyone lost a key and the lock looked about the right size, I'd whip out my magic key and be in it in seconds.

If as you say there are only a few combinations for that key type it explains why I had such success.

Democracy at its best (1)

telchine (719345) | more than 7 years ago | (#16131740)

I believe, in a true and open democratic system, people should be able to open ballot boxes and change the votes freely without fear of prejudice or reprisal.

frist 5tOp (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#16131742)

I'm still waiting... (0)

Anonymous Coward | more than 7 years ago | (#16131744)

For the Kennedy jokes...

nothing better than booze and vote fixing to bring out the best in us!

The point of electronic voting again? (1, Insightful)

lymond01 (314120) | more than 7 years ago | (#16131754)

Wasn't the point of electronic voting to save time tallying the votes? Without a paper trail, of course, there can be no recount, so that certainly speeds things up. But if there WERE a paper trail, everyone would be clamoring for a manual recount anyway.

I suppose, like upgrading to Microsoft Office 2003, and thus requiring better computing hardware, we did it for the economy.

Re:The point of electronic voting again? (1, Informative)

daveschroeder (516195) | more than 7 years ago | (#16131836)

Yep, that's the problem.

The "point" was to actually fix some of the problem areas from the 2000 election, in addition to things like efficiency and automation. There were Democratic and bipartisan initiatives, like the Help America Vote Act (2002), that mandated electronic voting systems, but neglected to include a paper trail [slashdot.org] .

The problem, though, that you bring up is an interesting one: even if all of the systems were totally open source and all had permanent voter-verified paper trails, [insert losers here] would still be clamoring for a recount in every election. Ultimately, the only benefit from electronic voting, then, is on the backend and in uniform management and use of the systems.

In the end, it might just be better to go back to paper (and maybe have the paper read by scanners, as some jurisdictions to now), but then we'd end up right where we were back in 2000, with claims of lack of uniformity, confusing ballots, antiquated machines, lines, and so on.

So while it seems like a no-win situation, the best we can do is still demand a permanent, auditable, voter-verified receipt process.

Re:The point of electronic voting again? (2, Interesting)

nizo (81281) | more than 7 years ago | (#16132159)

Here is what I would do to fix the problem:


Voter votes and gets a printout of his votes from machine A. He verifies that the votes are correct (if not, the printout gets shredded) and puts the printout into machine B (which signals to machine A that it got the printout). Note that machine A and machine B could be made by seperate vendors, and B also contains a paper trail in case a recount is needed.


If machine A and B don't agree, you recount the paper ballots. Gee, sounds quite a bit harder to subvert eh? With added paper ballot goodness no less.

Re:The point of electronic voting again? (2, Interesting)

grnbrg (140964) | more than 7 years ago | (#16132025)

Wasn't the point of electronic voting to save time tallying the votes? Without a paper trail, of course, there can be no recount, so that certainly speeds things up. But if there WERE a paper trail, everyone would be clamoring for a manual recount anyway.


There is a simple solution to this.

Assuming a paper trail, everything goes as normal, the polls close, and the machine spits out results -- Candidate X - nnnn votes. Candidate Y - mmmm votes, etc. These are passed up the line, however they are supposed to be.

Next, the worker in charge of the operation of that poll rolls a die 3 times. If it comes up 6 all three times, the vote box is opened and a manual check of the paper records is done. This means there is a random check of about 0.5% of the machines, which verifies the integrity of the voting machines. If there has been any widespread tampering, it will show up here. If the totals are tampered with higher up, there is the opportunity to compare the numbers published at the polls with the final totals.

But again, without a paper record, there is no way of verifying anything .


grnbrg.

Re:The point of electronic voting again? (1)

Bassman59 (519820) | more than 7 years ago | (#16132173)

Wasn't the point of electronic voting to save time tallying the votes?

Nowhere in the Constitution does it say that we must know the results of an election before we go to sleep on election night.

Our democracy can handle waiting two weeks for accurate, verified election results.

And for our next generation voting consoles... (3, Funny)

jimstapleton (999106) | more than 7 years ago | (#16131760)

We will be adding a "change everyone elses votes to" toggle for each voting option!

Re:And for our next generation voting consoles... (0)

Anonymous Coward | more than 7 years ago | (#16131992)

So the winner is contigent on how many people voted?

Re:And for our next generation voting consoles... (1)

jimstapleton (999106) | more than 7 years ago | (#16132011)

that, and the last person who voted at each machine...

We want to make things easier on our purchasers to get the votes they have earned, and deserve!

Conspriracy (0)

Anonymous Coward | more than 7 years ago | (#16131776)

Aha! It's the Democrats, not Republicans, planning a coup. While on the surface we all know Republicans frequent mini-bars, well, frequently, there is someone much more suspicious: Ted Kennedy! Ted, as you all know, has hundreds of mini-bar keys collected, well, just in the last year alone. By distributing them, while having his nephew divert attention to Republican plots, Ted plans to become president as was his God given right!

why do people still buy from this idiot company? (1)

Desolator144 (999643) | more than 7 years ago | (#16131782)

Why doesn't the gov just throw everyone at Diebold in jail on one of a large list of federal offenses such as vote altering, false advertising (saying they're safe), and probably receiving money to purposesly add security holes. These things are made in China for God's sake! They probably add a vote or two here and there for any communist party candidates. Someone who knows what the hell they're doing needs to build voting machines. Perfect security is absolutely possibly despite what anyone says, you just have to plan with security first. Logically, if they make the machine have an alert if someone does anything but walk in and vote, that would be a good first step and there are dozens of ways to make sure that the votes are transmitted to a central location axcurately and securely like recording votes onto vacuum sealed canisters with one time write-only holographics memory that's shielded as soon as it's taken out and can only be read by a proprietary laser system kept top secret from anyone else and is read at a central counting location with multiple members of each party watching a robotic arm grab each container, check its encrypted unique location ID for validity, and read from it and come up with the resulting totals. Would that all be so hard? Of course, it'd be cheaper to just pay people to hand count paper ballots :P but that's less secure.

Uh-OH (1)

corroncho (1003609) | more than 7 years ago | (#16131790)

We use diebold extensivley at our University for several of our automated transactional systems for students and such. I wonder if we ought to petition to look for another vendor. This incompetence is frightening.
____________________________________
-Five friends got theirs, I want mine, get yours too...Free iPods [freepay.com]

Who will lose their job for this? (2, Interesting)

Anonymous Coward | more than 7 years ago | (#16131795)

This is why there needs to be greater accountabiility and control over chain-of-custody procedures [cioinsight.com] when it comes to e-voting. There is no way the U.S. is going to revert back to paper at this point, and there is also no way to make any of these machines fully tamper-proof. To keep integrity in the voting process, we have to start holding peoples' feet to the fire. And we need poll volunteers who know a thing or two about how to operate these machines correctly.

Drinks inside (1)

Nom du Keyboard (633989) | more than 7 years ago | (#16131812)

Are there drinks inside? I can't think of any other reason to open it with a mini-bar key.

Oh noes... (2, Funny)

Skynet (37427) | more than 7 years ago | (#16131815)

Better keep Ted Kennedy away from those machines, or there will be vote tampering for sure!

Re:Oh noes... (1)

thbigr (514105) | more than 7 years ago | (#16131922)

Wait do you mean the mini bar or the voting machines?

I am cornfused

Re:Oh noes... (1)

Skynet (37427) | more than 7 years ago | (#16132140)

The voting machines. Many votes will be unknowingly altered as Ted roots around for the Jack.

The lock is even less sophisticated than that. (4, Informative)

JaredOfEuropa (526365) | more than 7 years ago | (#16131829)

If you watch the video of the university guys explaining the hack, you'll see a good closeup of the lock. The lock looks like a real cheapy one; something you'd find on one of those floppy disk / CD storage boxes, or the kind they put on suitcases. I betya the keys for those boxes/suitcase will open this lock as well, with a little jiggling. Hell, these locks can be opened with 2 paper clips.

further proof (1)

sammy baby (14909) | more than 7 years ago | (#16131855)

That's not a bug, it's a feature. It's also directly tied to the fact that you'd have to be drinking to approve the use of these in your district.

"Look, I'm not so sure about these..."

"Hey, no problem. Take this unit back to your hotel with you, play around with it. And hey - drinks are on us."

I for one welcome our absentee-voting overlords (1)

WillAffleckUW (858324) | more than 7 years ago | (#16131883)

and raise my mini-bar key to them in salute at their wise choice of voting via an optically-scanned verifiable paper ballot as is common with all absentee ballots, including the all-mail-in elections common to most Western states.

But I don't hold out much hope for the rest of you who voted for /A/l/ /G/o/r/e Neil Bush.

Thirsty after a hard day oppressing the unwashed?. (4, Funny)

wwiiol_toofless (991717) | more than 7 years ago | (#16131885)

With the Diebold UberFascer 6000, you can Fix elections AND enjoy a hard-earned single malt scotch!

Re:Thirsty after a hard day oppressing the unwashe (1)

east coast (590680) | more than 7 years ago | (#16132217)

Maybe this is what we need to get the voters out: Free shot and a beer with every vote.

How about online voting? (1)

yelims (160240) | more than 7 years ago | (#16131886)

If I can file my taxes online, why can't I vote online?

I'd rather see companies or governments or whoever spend more time on an online voting system than some fancy computer. I still have to drive to use the computer, so what do I care if it's a paper ballot or e-ballot.

Why you can't vote online (0)

Anonymous Coward | more than 7 years ago | (#16131960)

Um, perhaps because no one is interested in paying your taxes for you? No need to authenticate who pays your taxes. No one cares unless they don't get paid.

This is not a problem for our Administration (3, Funny)

bill_kress (99356) | more than 7 years ago | (#16131938)

Your current administration will have no problem fixing this, it's simply a case of outlawing office equipment/minibar keys.

You shouldn't be locking stuff in your desk anyway, what are you a terrorist?

As for minibar keys--it is the view of our administration that you shouldn't be drinking on business in the first place, it's not good for America! Do you really want to help the terrorists win???

We will ensure all minibars are re-keyed with special locks, the keys to which will be restricted to government employees only (Our administration has proven itself to be Above all Laws but God's, and God never said not to drink, so we therefore deserves access)

When minibar keys are outlawed, only outlaws will have minibar keys--then we know who to detain, harass or shoot (our call).

Re:This is not a problem for our Administration (1)

east coast (590680) | more than 7 years ago | (#16132188)

The previous administration would have outlawed minibar keys under the concept that the key is a tool to be used to circumnavigate security measures in a digital device.

Diebold voting machines (0)

Anonymous Coward | more than 7 years ago | (#16131947)

I opened 5 of them up with a peanut shell and made a beowulf cluster out of them!

Imagine that!

Simple semi-solution: destroy the machines. (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16131950)

I've written and called all my reps about this repeatedly, and none of them care at all, and they do not even pretend to care.

I honestly thing we have no good solutions left, except to organize, and on mid-term election day, if faced with an electronic voting machine (with no paper verification of course), we must have the courage and patriotic discipline we have expected of ourselves all our lives, and destroy the machine beyond repair immediately, on the spot. If on election day, I find myself in front of a Diebold machine, I really don't know what aill happen. But if I have confidence that I won't be alone in doing the only thing morally defensible, I certainly DO know what will happen.

So. Anyone interested?

they make ATM machines for christsakes! (1)

rachit (163465) | more than 7 years ago | (#16131973)

I don't understand this.

Diebold's primary business is to make ATM machines. They obviously understand security and correctness of results. Why can't they build voting machines properly?

Imagine you hear that an ATM machine was secured by a hotel minibar key. Or that the ATM makes a mistake but the bank won't give you your money back since there is no record of a transaction? Voting machines should be built to the same level of security and accountability.

Re:they make ATM machines for christsakes! (3, Insightful)

Rob T Firefly (844560) | more than 7 years ago | (#16132033)

Diebold's primary business is to make ATM machines. They obviously understand security and correctness of results. Why can't they build voting machines properly?
They obviously can. Yet, they are choosing not to. That's why it's really frightening.

Re:they make ATM machines for christsakes! (1)

Politburo (640618) | more than 7 years ago | (#16132165)

Their voting machine group is completely unrelated to the ATM group. In fact, they bought out some other company to make their voting machine group.

Bad Article Summary (2, Insightful)

Aqua_boy17 (962670) | more than 7 years ago | (#16131975)

As if Diebold doesn't have enough to worry about!

As if the American People didn't have enough to worry about. There, fixed that for ya.

How long are we going to tolerate this?

Hmmm (1)

nizo (81281) | more than 7 years ago | (#16132000)

So basically their voting boxes are much more open than everyone originally thought? The best part of all is it sounds like basically anyone can look at/download their code and heck even patch it on local machines. Long live the open voting machine!

But It's ok! (0)

Anonymous Coward | more than 7 years ago | (#16132009)

...as an accomplished drunk I can speak from experience that bartenders are good and trustworthy people!

Terrorist conspiracy? (2, Insightful)

Iphtashu Fitz (263795) | more than 7 years ago | (#16132043)

Maybe I'm being paranoid here but this seems like the sort of thing that could easily be exploited in a really nasty way. A group of well funded [fill in your favorite conspiracy theory related group of individuals here]* could theoretically get people into key places around the country where these machines are in use then infect them with a virus that siphons the vast majority of votes to a candidate that has no choice at all of winning (Ralph Nader or something like that). Imagine the exit polls on CNN, etc. showing a close race between the Democratic & Republican candidates and then the Green Party actually winning by a landslide. Something like this would cause such an increase of mistrust of the government that election results for an entire generation would be questioned. It wouldn't be terrorism in the classical sense, but it would generate a huge groundwell of mistrust that could damage the federal government for a long time to come.

* <tinfoil_hat=on>Of course the unnamed group could even be a major political party</tinfoil_hat>

So what happens... (1)

Iphtashu Fitz (263795) | more than 7 years ago | (#16132069)

When the virus installed by the Republican Party to steal votes for their candidate interferes with the virus installed by the Democratic party to steal votes for their party and the viruses installed by all the other parties to steal votes for their respective candidates? The election ends up being determined by the party that has the best virus writers on their staff? Or does W simply void the results and stay in office after all the Diebold machines start belching smoke?

More importantly, (1)

ceoyoyo (59147) | more than 7 years ago | (#16132080)

this means you can use Diebold keys to open hotel minibars.

If they're using one of those rotary keys that you see on vending machines and some bike locks, it's actually quite easy to pick them, with the right tool. More importantly, it's quite unobtrusive... it looks just like you're using a proper key.

thoughts ... (1)

Bassman59 (519820) | more than 7 years ago | (#16132088)

here [latke.net]

-a

An idea I've been working on... (2, Interesting)

Anonymous Coward | more than 7 years ago | (#16132092)

How about the following voter verifiable scheme:

The machines print you an official receipt indicating your vote and tag it with a random number. At the end of the election, all the data (a large random number and vote table) could be posted (website and otherwise) so anyone who wanted could verify the tally and their vote.

To avoid the injection of a bunch of bogus votes, it would also be necessary to allow anyone who wanted to (specifically a representative from each party) to come out on voting night and count the turnout.

The system can also be easily extended to avoid voter coercion and untrustworthy machines.

The coercing problem comes from the fact that third parties can now insist the voter shows them their receipt to verify they voted as instructed. This can be avoided by providing every voter with two receipts. One would be their actual vote, and one the other would be, at their option, a random one or a specifically chosen alternative.

The system would then make the bogus vote verifiable, so the coercer won't be able to tell it is bogus, by searching its database for an already cast vote that matches and using the associated random number on the receipt. The individual would then be able to claims to the person doing the coercing that the fake vote is their actual vote and their actual vote is the fake vote.

The machine problem comes comes from the fact that it could rig the random numbers. For example, it could choose the numbers such that all of one candidates votes get counted under one vote, and then correct the balance (so this is undetectable) by generating counter bogus votes. This is easily fixed by requiring the random number be a combination of machine and user.

That is, the machine first selects a random number and displays it to the user. The user then enters another to multiply it by. That way, neither the machine nor the user (unless the former can do long division of very large numbers in their head) are able to determine the final random number.

This stops both the machine from being able to rig the final number and the user from being forced to (by someone attempting to coerce them). Both numbers would be printed on the receipt so anyone could verify the machine didn't cheat on the multiplication.

Note this does not interfear with the coercing avoidance scheme, as a fake vote can still easily be produced. The machine would have no problem doing the required long division to make sure the vote was verifiable (the machine cannot do this for the actual vote as it has to show its number to the user before it gets to know what the user's number is).

Re:An idea I've been working on... (1)

Bassman59 (519820) | more than 7 years ago | (#16132125)

The machines print you an official receipt indicating your vote and tag it with a random number.

So, what makes you think that the vote indicated on the receipt is the same as the vote that's actually counted?

Sweet (1)

a_nonamiss (743253) | more than 7 years ago | (#16132114)

I wonder if my Diebold Voting Machine key will open my hotel minibar! Just imagine... the most powerful key in the world...

So wait a minute.. (0, Redundant)

photozz (168291) | more than 7 years ago | (#16132145)

Does this mean my voting machine key will open the mini-bar? SWEET!!!

Re:So wait a minute.. (2, Funny)

photozz (168291) | more than 7 years ago | (#16132193)

Damn you a_nonamiss (743253)... Damn you to hell...

Apparently (0)

Anonymous Coward | more than 7 years ago | (#16132154)

Apparently, they wanted to make it easy for the Kennedys to get into them. Any one of them should already have a large collection of mini-bar keys on hand.

Brought to You by the Marketing Staff at... (1)

bayers (155001) | more than 7 years ago | (#16132181)

Brought to you by the marketing staff at Sequoia Voting Machines [sequoiavote.com] who want to thank bloggers for making Sequoia Voting Machines the number one manufacturer of voting machines in America.

DOS, here we come; a thought experiment (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16132201)

What's to prevent someone doing something like this:
  1. Check into a hotel.
  2. Bring minibar key from hotel to polling place.
  3. Sign in and get in line to vote. Bring a confederate with nothing incriminating on his person (spouses work best, since they can't be forced to testify against you).
  4. Open Diebold machine and remove media card.
  5. Leave polling place. Quickly.
  6. Confederate gets into booth after you.
  7. After giving you enough time to get out of the building, confederate acts surprised that the machine doesn't work right.

OK, I'm missing the ??? and Profit!! steps, but this seems like a pretty easy way to DOS the machine. Of course, the election officials would catch on, eventually. And does the machine make a beep when it's being tampered with?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...