×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Opening Diebold Source, the Hard Way

kdawson posted more than 7 years ago | from the no-longer-obscure dept.

299

Doc Ruby writes to tell us about an article in the Baltimore (MD) Sun, reporting that someone sent a package to a former legislator containing what appears to be Diebold source code. From the article: "Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004... The availability of the code — the written instructions that tell the machines what to do — is important because some computer scientists worry that the machines are vulnerable to malicious and virtually undetectable vote-switching software. An examination of the instructions would enable technology experts to identify flaws, but Diebold says the code is proprietary and does not allow public scrutiny of it." Read on for more of Doc Ruby's comments and questions.
Maryland's primary elections last month were ruined by procedural and tech problems. Maryland used Diebold machines, even though its Republican governor "lost faith" in them as early as February this year, with months to do something about it before Maryland relied on them in their elections.

The Diebold code was secret, and was used in 2002 even though illegally uncertified — even by private analysts under nondisclosure. Now that it's being "opened by force," the first concern from Diebold, the government, and the media is that it could be further exploited by crackers. What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun? The system's reliability would be known, and probably more secure after thorough public review. How much damage does secret source code employed in public service have to cause before we require it to be opened before we buy it, before we base our government on it?

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

299 comments

1st post! (-1, Offtopic)

m0ng0l (654467) | more than 7 years ago | (#16530137)

Couldn't resist!

Re:1st post! (0)

Anonymous Coward | more than 7 years ago | (#16530175)

Couldnt Resist a reply

Re:1st post! (2, Funny)

Anonymous Coward | more than 7 years ago | (#16530203)

That could change if they move Slashdot to Diebold boxes!

Re:1st post! (3, Funny)

Anonymous Coward | more than 7 years ago | (#16530223)

Hey! I made the first post and then it just disappeared! Damn new /. Diebold servers! (shakes fist)

Closed source? (5, Insightful)

insomniac8400 (590226) | more than 7 years ago | (#16530173)

I think the closed source parking garage was a perfect example why the government shouldn't let a private company control government assets or processes.

Re:Closed source? (-1, Troll)

mabhatter654 (561290) | more than 7 years ago | (#16530591)

no, that is why businesses fear open source. That city agreed to a contract, then tried to claim some kind of "soverinty" over the software because the city owned it... If they were a business, they would have been hauled to jail for tying up the people's cars... Businesses fear Open Source like the plague because they're afraid of govenments "buying" software then declaring it "Open Source" they don't have to pay.

Re:Closed source? (3, Insightful)

Tim C (15259) | more than 7 years ago | (#16530641)

Businesses fear Open Source like the plague because they're afraid of govenments "buying" software then declaring it "Open Source" they don't have to pay.

How the hell is that supposed to work? If you contract me to produce some software for you, and I use open source, you still have to pay me the agreed amount or see me in court. That's no different to me using bespoke code, COTS products or magicing it all up out of fairy dust.

Any business that's truly afraid of what you suggest needs to fire the idiots it has in charge and/or hire a lawyer.

Source code not even needed to hack these machines (5, Informative)

Salvance (1014001) | more than 7 years ago | (#16530185)

With all the vulnerabilities in voting machines, it amazes me that the states do not mandate paper trails. Someone wouldn't even need access to the source code to start changing votes. For example, in this report from ABC News on October 1st [go.com] , they discuss a method to almost invisibly manipulate both votes recorded and logs, all with only a couple minutes access to a voting machine.

Here's an excerpt:
In a paper last month, "Security Analysis of the Diebold AccuVote-TS Voting Machine," (available at http://itpolicy.princeton.edu/voting/ [princeton.edu] ) Princeton computer professor Edward W. Felten and two graduate students Ariel J. Feldman and J. Alex Halderman discussed a common Diebold machine. They showed that anyone who gets access to the machine and its memory card for literally a minute or two could easily install the group's invisible vote-stealing software on the machine. (Poll workers and others have unsupervised access for much longer periods.) Changing all logs, counters, and associated records to reflect the bogus vote count that it generates, the software installed by the infected memory card (similar to a floppy disk) would be undetectable. In fact, the software would delete itself at the end of Election Day.

Re:Source code not even needed to hack these machi (2, Insightful)

jorghis (1000092) | more than 7 years ago | (#16530303)

So how is this any different from a traditional low tech ballot box? If you allow someone unrestricted and unsupervized access to a box full of ballots its security breaks pretty fast too. While it may be possible that computerized voting could have made elections more secure than they were previously, the idea that we have taken a step backwards in terms of security seems like a stretch to me.

Re:Source code not even needed to hack these machi (4, Interesting)

maynard (3337) | more than 7 years ago | (#16530373)

The difference is that the Princeton team wrote a vote-switching virus which would spread itself through the smart cards used to tabulate votes. Thus, one infection could -- in time -- spread to any arbitrary number of machines without the knowledge of poll workers (or voters).

That outcome is obviously not possible with manual election rigging.

Re:Source code not even needed to hack these machi (3, Interesting)

perlchild (582235) | more than 7 years ago | (#16530485)

The paper ballots could be used as forensic evidence, for once. It's a LOT harder to prove who tampered with a diebold machine, since so many people have access to it(the voters touch it, for once, so not all fingerprints would be usable... Paper ballots are also divided into smaller groups(a diebold machine would replace several "ballot boxes") compounding the problem, because of the cost of the diebold machine.

I am however, not working for anyone in the US electoral system, so my information could be incorrect.

Re:Source code not even needed to hack these machi (2, Informative)

Anonymous Coward | more than 7 years ago | (#16530499)

Ballot box are never left unsupervized. That's the difference.

Re:Source code not even needed to hack these machi (5, Informative)

lawpoop (604919) | more than 7 years ago | (#16530909)

The problem with electronic voting hacks is that a single person can change entire elections, in very little time, without leaving any evidence at all.

With paper ballots, you have to come up with a lot of other ballots if you want to stuff the ballot. That takes time, material, and co-conspirators. If you want to destroy ballots, you have to take them out of the box and get rid of them. You might shred, burn, bury them, or throw them in a river. That takes time, and leaves evidence and possibly witnesses. If you want to destroy enough ballots to change an election, you will probably also need co-conspirators, and will need to avoid witnesses.

So anything you do to change a paper election will take a lot of time, resources, and manpower, where as an electronic theft of an entire election is almost instantaneous, with no witness and no evidence *.

* Aside from exit polling.

Re:Source code not even needed to hack these machi (5, Insightful)

Anonymous Coward | more than 7 years ago | (#16530587)

FUCK A PAPER TRAIL. We need PAPER ELECTIONS. Just that simple. Can paper elections be rigged? Of course they can. Can they be rigged as easily, as invisibly, as completely as digital elections? Hell no. What's mind boggling is that there's even a debate here. Get rid of digital voting machines. Hell, get rid of ANALOG voting machines. Piece of paper, ink pen, padlocked metal box. That's how sane people run elections. The notion of there being anything worth debating here is nothing but complete bullshit.

Re:Source code not even needed to hack these machi (3, Insightful)

Anonymous Coward | more than 7 years ago | (#16531073)

I think everyone knows this. Your friendly government officials know this. The unstated is the fact that Diebold spends large sums of money on lobbying. People in government are afraid to rock the boat. This is a byproduct of bureacracy. People will be punished for standing up to do the right thing.

It wouldn't take much to do a manual vote count, but you see, in the end, greed rules. Greed causes harrassment, frivolous lawsuits, bogus investigation by government (the whistle blowers are a menace, you see), etc.

Hopefully (3, Interesting)

PainBot (844233) | more than 7 years ago | (#16530187)

Hopefully more people including journalists will receive that, have experts look at it and expose the scam.
Sounds unlikely though, since this is all illegal.

Re:Hopefully (2, Interesting)

Anonymous Coward | more than 7 years ago | (#16530487)

All she has to do is to send the code to a Swedish official, then it will be covered by the "Offentlighetsprincipen" (god knows how to translate this to American, it means that any citizen can claim it for review) as were the secret bible of the scientologists some years ago.

Re:Hopefully (1)

mabhatter654 (561290) | more than 7 years ago | (#16530653)

journalists print stolen/illegally obtained materials all the time... Look at how bad Apple leaks/ HP board directors have gotten... Diebold will probably illegally track and spy on it's employees to find the leak... maybe we can get them that way.. or maybe the Republicans will just get the cops to do it illegally for them.

Re:Hopefully (4, Insightful)

megaditto (982598) | more than 7 years ago | (#16530919)

Don't be caught by this bullshit bait.

What we need is legal access to the actual code (+source, compiler, bootstrap process) running on the machines, not an illegal access to a piece of code someone chose to 'leak'.

And more importantly, we need voter-verified paper trail.

Open source & Availability (3, Interesting)

The Amazing Fish Boy (863897) | more than 7 years ago | (#16530197)

I don't know. I mean, I'm not sure of the details of the current system, but is the software available before the election?

If not, it is more secure in a way, since malicious users can't test exploits on it before the election, and then they have limited timeframe to do that during the election. If it's open source, and up for review, someone could find the exploit and not tell anyone, right?

This is just my initial reaction to the idea, so I might be way off. Any thoughts?

Re:Open source & Availability (0)

Anonymous Coward | more than 7 years ago | (#16530431)

People find alot of exploits in Windows without the Source Code. Admitadly they do have the OS in their hands for quite alot of time. Diebold systems though all use a similar operating system (Windows XP embedded) and software written in a similar manner (often as webpages actually, a friend of mine got an ssh session up on one of those). So given a few assumptions about similarity, I don't see the code as a requirement for finding an exploit. Sure linux has exploits, but I think it's fair to say that it generally has fewer than windows, and hopefully voting software will be alot smaller than linux, and thus alot easier for wankers like me to read the entire thing and thus make sure it makes sense. One of Diebolds ATM's crashed on our college campus a couple of years ago and some students had it playing music using the builtin Windows Media Player, that didn't even require an exploit. I admit that I don't know if their voting machines run XP embedded, but given the rest of their systems it's still extremely probable.

Maybe it's time for people to use a "slow" typesafe language and then sit down and write a complete proof that the system will do exactly the right thing? This seems like maybe one of those times where correctness is more important than speed. It's been done before for all sorts of things, missiles, airplanes, car systems, back when people used ADA or Pascal instead of C++ for serious coding. Hell if they write the code in a decent language and release it, I'll write the proof for them (while all the while my tax dollers go to pay them, wow what a broken system).

Re:Open source & Availability (1)

c_forq (924234) | more than 7 years ago | (#16530489)

That may be a solution, release the code after the election, and run checksums on all the meachines. But that would require changes in code for every election so people can't depend on exploits they may find.

Repeat after me: (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16530497)

Security through obscurity DOES NOT WORK.

..it might make you a lower profile target in certain situations but if somebody does target your system, it will be WEAKER than if it had been fully open to scrutiny from the beginning.

Unusual scenario (0)

The Amazing Fish Boy (863897) | more than 7 years ago | (#16530583)

Repeat after me: Security through obscurity DOES NOT WORK. ..it might make you a lower profile target in certain situations but if somebody does target your system, it will be WEAKER than if it had been fully open to scrutiny from the beginning.

Generally that might be true, but in this particular situation I'm not sure your bumper sticker applies.

To take this to the extreme, let's say you're only going to be able to use the software in question for thirty seconds. Which of these solutions is going to be more secure?
  1. Open source program available months in advance
  2. Closed source program unavailable

For the first option you have months to find all the exploits you can, and thirty seconds to exploit them. For the second option, you have thirty seconds to find and use the exploits.

It seems to me the second would be more secure.

Re:Unusual scenario (4, Insightful)

ip_fired (730445) | more than 7 years ago | (#16530815)

These machines exist more than the 30 seconds that you'll be using one. Someone who is dedicated could get their hands on one (through old fashioned thievery) and then have the months you mentioned probing for exploits. Then they still just need 30 seconds to exploit it. The point is, now I have to place *my* trust in this machine, without knowing how it tallies everything.

Keeping the source code hidden doesn't stop people from finding exploits, but allowing the source code to be open allows the public to see how their vote will be tallied (well, those who have programming knowledge, but I would be more likely to trust it several groups did a code audit and signed off on it).

Re:Unusual scenario (1)

jonnyelectronic (938904) | more than 7 years ago | (#16530867)

Indeed, you are correct. But in security through obscurity, you are assuming that no-one will have access to your source code/and or "secret" information. The fact is that instances such as this source being leaked show that these obscure rather than secure secrets will make it into the wild.

With large organisations it's only a matter of time before a determined person/group has access to your code.

At least with open source, you have lots of eyes on code, and you hope that at least one non-bad person spots your flaw and points it out. With closed source, anyone who has gone to the trouble of getting your source code is likely to be up to no good.

Re:Open source & Availability (5, Insightful)

N3Roaster (888781) | more than 7 years ago | (#16530529)

It's true that with open source, someone could potentially find a flaw, not tell anybody about it, and then exploit that flaw to manipulate an election. Why would someone do that? Obviously to advance an agenda, either by getting a win for a particular candidate who supports that agenda (so you'd want to manipulate the votes in a sneaky way) or if your agenda is getting rid of these voting machines, producing results that are clearly absurd (landslide victory for the Stallman write in campaign). I think the former is more subversive and likely to have financial support either from the candidates themselves or organizations supporting those candidates. Given this, it is reasonable to assume that if you are going to fix the vote for the win, your opponent will too, which means you need to either escalate the fraud operation, increasing the risk such fraud will be exposed, or you need to prevent your opponent from taking advantage of the flaws by having them patched and using that labor you saved by not escalating to instead get out the vote.

I might also be way off in this analysis, but I think having the code open to public scrutiny and the hardware securely locked down (any potential tampering should be evident) would be the way to go if computers are used at all.

Re:Open source & Availability (1)

AnonymousCactus (810364) | more than 7 years ago | (#16530701)

The software is available before the election. Someone has to write it and someone has to put it on all those voting machines which then have to be sent out to all those polling stations.

Most people will cite the important security principle that security through obscurity is no security at all because someone must always have access. There's always at least an inside person that will no what's going on and people are fallible.

I come down somewhere in between. Obscurity is good - getting past the human element provides one more hurdle a potential enemy would have to get past. It's not good by itself though because you wouldn't want that to be your only barier and it's not good if it means that fewer people will review the code for potential errors

I say, don't release it to the public, but require that DieBold's machines/code pass independent security checks by people like the folks at Princeton or they don't get used.

That is if you believe electronic voting is a good idea at all...

Re:Open source & Availability (1)

Jah-Wren Ryel (80510) | more than 7 years ago | (#16530725)

I mean, I'm not sure of the details of the current system, but is the software available before the election?

Of course it is available before the election, they don't just code it up on the spot.

Just because it is not widely available does not mean it is not available to a sufficiently motivated organization. When you consider the hundreds of millions of dollars spent on campaigning, it is not hard at all to envision a situation in which an insider is offered a couple of million dollars to provide "early access" to the code. It is no giant leap from that to paying an insider a couple of million dollars to insert some specific code into the system too.

Re:Open source & Availability (4, Interesting)

mabhatter654 (561290) | more than 7 years ago | (#16530747)

the whole issue revolves around that issue. The machines sit in closets for 6 months then are drug out for an election. Diebold is supposed to be installing and using certified software, but they can't even do that right. The issues started because Maryland election officials were catching Diebold personel putting patches on without the proper paperwork... and they got VERY upset, wanting to know what they were doing. Even the company refused to cooperate... private software and doing their job and all.

That's what's so screwed up about all this, even Diebold employees weren't following their own companies rules and election offical rules (remember they are the customer). Several Diebold run elections have had outcomes highly suspect... and Diebold is answering concerns with contept for the customers and citizens instead of openness and cooperation.

Nuanced distinction (4, Insightful)

benhocking (724439) | more than 7 years ago | (#16530199)

What if the voting software were open from the beginning, so its security relied only on hard secrets (like passwords and keys), not mere obscurity, which can be destroyed by "leaks" like the one reported by the Sun?
Of course, passwords and keys can also be destroyed by leaks. The important distinction is that - if you're aware of the leak - it's much easier to assign a new password/key than to fix the software.

So basically (1)

valkabo (840034) | more than 7 years ago | (#16530207)

In the grand scheme of things i think this lies between the HL2 source code theft, and a bag of dorito's I stole in 7th grade. Not gonna do a whole lot of good for anyone anywhere.

What is the specific "problem"? (5, Insightful)

khasim (1285) | more than 7 years ago | (#16530225)

#1. Flaws in the code that could be exploited by anyone who knew them. The classic "security via obscurity". This is just plain stupid.

#2. Trade Secrets would be revealed. So Diebold has some ingenious work in the system that it does not want revealed.

#3. Stolen code would be revealed. So Diebold illegally incorporated code from someone else in their product and doesn't want anyone to see it.

#4. Legal code re-use. So Diebold uses the same code on their ATM's as their voting machines and they worry that anyone with access to the voting code could POSSIBLY find a flaw in the ATM systems.

Anyone have any other possibilities?

Re:What is the specific "problem"? (4, Insightful)

CosmeticLobotamy (155360) | more than 7 years ago | (#16530421)

#5. They're just selling cheap-ass computers running a crappy piece of software at a hideous mark-up, and they don't want to have to compete with 50 other companies selling the same cheap-ass computers running the same crappy software, or software just different enough not to violate their copyright.

Re:What is the specific "problem"? (2, Funny)

camperdave (969942) | more than 7 years ago | (#16530531)

Diebold uses the same code on their ATM's as their voting machines...

So I could withdraw $200 from my account when I go to vote? Or perhaps $party could buy my vote right at the voting booth.

Re:What is the specific "problem"? (3, Insightful)

Cracked Pottery (947450) | more than 7 years ago | (#16530791)

#5. Code that is so negligently flawed as to suggest the desire to make the machines subject to abuse, subjecting Diebold to untold economic damages and possible criminal investigation.

Re:What is the specific "problem"? (2, Insightful)

VoidEngineer (633446) | more than 7 years ago | (#16530913)

#5. They're using MS ACCESS "database"?

WTF? My blood started boiling when I read that! **Access**?????

Don't you have a Parliament ? (-1, Troll)

BearingSpacer (755463) | more than 7 years ago | (#16530233)

Don't you have elected representatives ? something like a Congress, a Senate ? I don't know, somewhere where elected representatives defend the people who elected them... or is it already Megacorporations that appoint them, making you believe your votes mean something ?

Re:Don't you have a Parliament ? (0, Troll)

ResidntGeek (772730) | more than 7 years ago | (#16530297)

The second one. But nobody here ever does anything about it besides vote third party and whine. Guess how much that helps?

what is good for the good is good for the gander (4, Insightful)

FudRucker (866063) | more than 7 years ago | (#16530235)

if Diebold has done nothing wrong then they should have nothing to hide, that includes sourcecode, open the sourcecode and allow peer review by experts like those that build BSD & the Linux kernel

Re:what is good for the good is good for the gande (-1, Flamebait)

Homology (639438) | more than 7 years ago | (#16530417)

if Diebold has done nothing wrong then they should have nothing to hide, that includes sourcecode, open the sourcecode and allow peer review by experts like those that build BSD & the Linux kernel

Peer review should by done by those that cares about security. For the Linux kernel, security comes after features and performance, so people with the mindset of OpenBSD developers are better for this kind of peer review. Note that there are Linux developers that cares about security, but the Linux community in general seems not to care that much.

Program complexity (5, Insightful)

NJVil (154697) | more than 7 years ago | (#16530255)

Apart from a layer of security, just how complex does the software have to be?

(Clear all variables)
Enter selections
Hit accept/enter
Accumulate values for all selections
Clear screen
(Repeat)
Export at end of election

Why the hell does something of this level of incomplexity even need to be closed source?

Re:Program complexity (0)

Anonymous Coward | more than 7 years ago | (#16530365)

Because if they made it that simple they couldn't charge so much for it with a straight face? (I suspect the could, but...)

There may be some logging+security involved I guess..

Re:Program complexity (4, Insightful)

From A Far Away Land (930780) | more than 7 years ago | (#16530473)

"(Clear all variables)
Enter selections
Hit accept/enter
Accumulate values for all selections
Clear screen
(Repeat)
Export at end of election"

You forgot the most important steps, and the reason these machines are a scam:
- ??? [Elect who corporation pays for]
- Profit!

TEXT TO SPEECH (1)

Joe The Dragon (967727) | more than 7 years ago | (#16530551)

TEXT TO SPEECH code is needed for blind people.

Re:TEXT TO SPEECH (0)

Anonymous Coward | more than 7 years ago | (#16530639)

TEXT TO SPEECH code is needed for blind people.

No it's not. Audio files, maybe. But not text-to-speech.

Re:Program complexity (1)

psyclone (187154) | more than 7 years ago | (#16530557)

Apart from a layer of security, just how complex does the software have to be?
This software was developed with resources from government contacts. By that definition alone, it must not be simple software.

Why the hell does something of this level of incomplexity even need to be closed source?
If the hardware and software were open source, the public could discover that the hardware/software allows the altering of votes. Thus, to ensure government contracts, granted by people/parties that wish to stay in power by altering votes, the source must remain closed and secret.

Guaranteed only copy... (3, Funny)

flyingfsck (986395) | more than 7 years ago | (#16530347)

Of course, the copy now in possession of the legislator/FBI is the only copy, right? So, if the FBI can just keep this *one* copy off the streets, then everything will be fine, right? Putting it on a web/FTP server is not possible, right?

Cracker or insider? (4, Interesting)

WindBourne (631190) | more than 7 years ago | (#16530361)

If this is an insider, then I have to guess that it is somebody who is concerned about some piece of the code. Otherwise, I would guess that it is a cracker who was able to break through the famous Windows security at diebold and grab the source.

There should be a law ... (1)

dkarma (985926) | more than 7 years ago | (#16530367)

that says that all vote tallying on these machines MUST BE DONE bY HARDWARE and not secretive software that frankly has more security flaws than an IE browser on 0day. I'll never vote on a diebold machine. Demand paper ballots.

Re:There should be a law ... (1)

phantomcircuit (938963) | more than 7 years ago | (#16530445)

Actually hardware would be even worse as the flaws would be unfixable and nearly impossible to trace. (Hardware reverse engineering on a microchop leve? lol)

Things that make you go hmmm... (0)

Anonymous Coward | more than 7 years ago | (#16530369)

When code is hacked or stolen, it usually winds up posted on the net.
This was sent to a former legislator. Maybe from an insider trying to show evidence of election fraud???

Yes I do live in my parents basement, and I AM wearing a foil hat. But that doesn't mean I'm wrong.

On a related note (4, Interesting)

value_added (719364) | more than 7 years ago | (#16530381)

I saw on Lou Dobbs [cnn.com] yesterday a piece that showed election officials rushing out to hire grad students to help out with the coming election. The reasoning was that widespread failures (mechanical, networking, software, etc.) were expected and election officials and staffers unanimously considered themselves as both unprepared and unable to deal with anticipated problems. A quick search for election jobs [monster.com] seems to validate the story.

What's in the code? (5, Interesting)

HangingChad (677530) | more than 7 years ago | (#16530385)

Or maybe they're worried that the code contains evidence of tampering with election results? Otherwise it's just code. Just because it's public doesn't mean Diebold loses their copyright.

But if that code contains evidence of treason...which is what tampering with election results would be...then anyone involved deserves to be stood up against the nearest wall and shot. Then leave the bodies as a permanent reminder to anyone else thinking about ballot stuffing.

The real question is if the results were rigged, what's that do to the Bush presidency? It would seem to invalidate the '04 election. That means anything he's done while in office should be voided and Kerry should be allowed to serve out the rest of his term. It gets really interesting to consider that the deciding vote on the Supreme Court would be one of those invalidated actions.

Re:What's in the code? (1)

Renraku (518261) | more than 7 years ago | (#16530749)

Treason only counts if the crime was committed against the country. Obviously we do not live in a democracy (electoral college, anyone?). The most it would be is a civil matter versus the guy who lost and the guy who won.

Maybe fraud and a felony.

Invalidate Bush? (1)

krs804 (986193) | more than 7 years ago | (#16530967)

Only if removing Maryland's votes would have resulted in his defeat. Remember, Maryland was a blue state.

You assume Kerry did'nt also stuff ballots. (1)

HornWumpus (783565) | more than 7 years ago | (#16530975)

Bad assumption.

Would your opinion change if it was D operatives caught red handed paying for votes? They were! (Packs of smokes to bums for a vote.) Up against the wall for at least the lady caught in the act.

Re:What's in the code? (5, Interesting)

Sven Tuerpe (265795) | more than 7 years ago | (#16531095)

Or maybe they're worried that the code contains evidence of tampering with election results?

My favorite conspiracy theory at this point is this:

If you were in a position to tamper with election results by manipulating the code of voting machines, what would be the most obvious cover-up?

Exactly. You would make sure that a clean version of the code "leaks", which shows no evidence of any tampering whatsoever.

E4? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16530393)

As WideOpen, Can connect to ddeper into the 800 w/512 Megs of Smells worse than a

It doesn't make sense (3, Interesting)

not already in use (972294) | more than 7 years ago | (#16530401)

Proprietary or not, software used in something so critical as our democratic process *should* be under the scrutiny of some sort of bipartisan government software auditing group. Whether or not its completely open, doesn't matter. The fact that democrats haven't attacked this issue further convinces me of their incompetence.

Re:It doesn't make sense (2, Insightful)

Anonymous Coward | more than 7 years ago | (#16531053)

The fact that democrats haven't attacked this issue further convinces me of their incompetence.

Silly boy. It's not imcompetence.
They know full well how 'useful' these voting machines are to the entrenched PTB, and they're busy working on their own code exploits for the next election.

emmm.... (1)

lagartoflojo (998588) | more than 7 years ago | (#16530419)

How do you "illegally uncertify" something?

Re:emmm.... (1)

DumbWhiteGuy777 (654327) | more than 7 years ago | (#16530543)

It means that it has to be certified. That is, if it's not certified, it is illegal.

Re:emmm.... (1)

lagartoflojo (998588) | more than 7 years ago | (#16530719)

I'd say that, the way kdawson phrased it, it means that someone didn't certify it illegally... which doesn't make sense. In any case, the article that he points to makes sense: "Documents show Maryland held election, primary on uncertified, illegal Diebold voting machines."

Re:emmm.... (0)

Anonymous Coward | more than 7 years ago | (#16530565)

Someone's failed reading comprehension or is just being too literal. Is this expanded sentence, true to the original sentence, clearer for you?

"even though [they were used] illegally [as they were] uncertified"

Re:emmm.... (3, Insightful)

mabhatter654 (561290) | more than 7 years ago | (#16530861)

simple, their software guys tag a version as production, and ship it off to the certifing authority. That version then satisfies the election officals for "honesty". What Diebold employees were doing was using uncertified patches at the last minute to fix bugs... hours before or even DURING the elections!!! The "company line" was that it was "necessary" for the election, and officals had to accept it or not have voting machines available.

If that's not suspect action then what is? Isn't that the very method of vote tampering we're all discussing?

Disappointed! Period. (3, Interesting)

bogaboga (793279) | more than 7 years ago | (#16530433)

As an American, I am disappointed in this story. If it's true, then we in the USA are not much different when compared to folks in third world countries. Why on earth, would a machine proven to be very prone to compromise, be allowed to be used in the conducting of free and fair elections.

What about the integrity of the elections?

Isn't this kind of stuff the kind of thing that a typical American would not be surprised if it were reported as having happened in the so called 3rd world countries?

What troubles me also is the fact that after all this, our government goes on preaching democracy. I am disappointed! Period

I forget the Link... (1)

BlahSnarto (45250) | more than 7 years ago | (#16530439)

There is actual video of some analyst who was hired
by some political party to "fudge" the programming of
the voting booth wish i had the link with me..

anyone else rember hearing about this?

Re:I forget the Link... (0)

Anonymous Coward | more than 7 years ago | (#16530695)

That'd be Clint Curtis. He's presently running for Congress in (of course) Florida against the Republican Tom Feeney who, according to Curtis's sworn testimony, personally asked him to write the vote-hacking software.

Slashdot readers of all people ought to understand exactly how and why Digital Voting Machines are a Very Very Bad Idea. It's like writing a 2000 line shell script to accomplish the same thing as "rm ~/us_constitution.txt" - there's simply no need or justification, UNLESS YOU ARE UP TO NO GOOD.

Pen. Paper. Locked metal box.

Elected officials are teh suck (3, Informative)

An Onerous Coward (222037) | more than 7 years ago | (#16530451)

Morrill said two of three disks were never used and that the third was version 4.3.15c, which was used in Maryland during the 2004 primary.
Ross Goldstein, the state's deputy elections administrator, said Maryland now uses version 4.6 and that the public should be confident that their votes are secure.
The disks contain "nothing that's being used in this election," Goldstein said.
This is just sad. We've all seen the security warnings that say, "this exploit affects all versions before 1.51.rc3." Code gets reused between versions, especially between minor revisions. Very likely, whatever vulnerabilities are found in this version are still present.

What he's really saying is, "please, please, please believe that I didn't screw up as badly as it appears I screwed up. Just pretend that the machines are secure, and that democracy as we know it is not in danger."

Wave your rights.. (5, Insightful)

msimm (580077) | more than 7 years ago | (#16530465)

Voting is public. How can a company legally be allowed *not* to disclose the mechanics of a system built to be used in public elections. What .. we should just assume we can trust the democratic system in the hands of big business? Every programmer? Every engineer? They might as well just hire a bunch of staff that go house to house promise to vote for us.

There are lots of things that you should be able to keep secret, but not how my voting system works. We might as well do away with it altogether.

Politics of Open Source (2, Informative)

Gracenotes (1001843) | more than 7 years ago | (#16530471)

When a non-geek hears about open source, whether it's a layman or member of a spy agency, they shrink away, basically thinking that open ROM (hardware, software) is open RAM (data transfer), if they could phrase it as such.

Well, those people might not vote in the election either because "It's pointless. Those kids are going to go straight off of my lawn and onto that election-hacking machine of theirs" or "My vote won't count", the latter of which is age-old.

So I agree with the concept making voting open source. In my subjective slippery-slope universe, this will cause news-ussavvy "I voted Democrat since 1948" non-nerds not to vote and have the generally better informed of us vote. (Sounds elitist, I suppose.) Top hackers across the country could review the code for vulnerabilities, instead of us downloading "Diebold Security Patches" every 2 minutes under the current system. I realize that the US government will almost never accept this, but in my opinion it's good anyway, and maybe as secure as a completely hidden source code.

Of course, Diebold would lose profit. But that's a sacrifice they'll have to make for the red, white and blue, for the eagle soaring above, soaring... majestically! and the Americanness (Britishness) of apple pie (cobbler) all those other American cliches.

Open Sourcing questions (0)

Anonymous Coward | more than 7 years ago | (#16530571)

Can someone explain why it would be so bad to have this sort of stuff handled by a .Org ngo? .Org's Are suposed to stay politically unbiased and nuetrall presenting as many aspects of a issue as are available for example.

What's keeping America from having votes from the web as a option? Given countless examples of web pages that use a huge variety of methods to reasonable ensure one person one vote-is is possible somone or something has an agenda? Who or what do we trust more- a person with any number of reasonable resons to skew a vote or a mechanical process in wich a vote is automatically secured and sent to the proper location?

Why are they-election officials-allowing someone to use Acess wich is poorly equiped to handle the kinds of security issues needed to ensure a reasonable safe system? Who stands to gain? and Why? Why are they even considering a closed source system, they must be aware of the number of questions that'd come up.

Voting computers in The Netherlands (4, Informative)

Anonymous Coward | more than 7 years ago | (#16530595)

Here in the Netherlands there is a group under the name of (translated) "we do not trust voting computer" (http://www.wijvertrouwenstemcomputersniet.nl/ [wijvertrou...ersniet.nl] in Dutch) who is actively discussing the accuracy and validity of voting computers. They posted on YouTube (http://www.youtube.com/watch?v=B05wPomCjEY [youtube.com] ) a movie about how to scan the machines about what they registered as a vote. I think that software ruling democracy should be open source just as the entire democracy should be transparant.

They even posted a security analysis (in English) of the voting computer used in the netherlands http://www.wijvertrouwenstemcomputersniet.nl/other /es3b-en.pdf [wijvertrou...ersniet.nl] .

Just Plain Dumb... (2, Insightful)

masdog (794316) | more than 7 years ago | (#16530669)

On everyone's part. I know that electronic voting is the way of the future, but a closed source, no-bid electronic voting system going to a large political contributor is just asking for trouble.

I hope some states get the balls to review the code or implement their own system.

Homer J Simpson for President (1)

NoseSocks (662467) | more than 7 years ago | (#16530675)

Until a large, dispersed group of people break into a large number of these machines and rig the elections so that "Homer J Simpson" is the presedential victor in multiple states, we aren't going to see the government persue a real alternative to these proprietary magic voting machines.
I wonder how many people will say "Woo hoo!" and how many will say "D'oh".

Count em' by hand (4, Informative)

PenGun (794213) | more than 7 years ago | (#16530699)

It's very hard to beat and scales effortlessly. We've been doing it in Canada for a long time. Usually takes 4 - 5 hours after the last poll closes. Why do it the hard and screwed up way?

    PenGun
  Do What Now ??? ... Standards and Practices !

Why did they send it to him? (0)

SeaFox (739806) | more than 7 years ago | (#16530723)

Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004...

That was dumb. I mean I know he's a former legislator, but still if the suspicion is that the Diebold software is allowing vote switching, why send it to someone who has a history of being involved in government and depending on votes for his job? For all the sender knew his party is the one taking advantage of the flaws and they could have just distroyed the package!

It should have been sent to several people, including the EFF and some open source gurus. People who, you know, might able to actually read the code and give a flip if there's an issue with it. Really, if the FBI has the only copy now they might as well have sent it direct to the White House. [rolleyes]

Re:Why did they send it to him? (2, Insightful)

krs804 (986193) | more than 7 years ago | (#16531035)

The former legislator may have lost the election due to a glitch found in the code.

Why have electronic voter machines anyways? (1)

Attis_The_Bunneh (960066) | more than 7 years ago | (#16530753)

What I'm more concerned about with the nature of Diebold's source code is whether or not their programmers even understand it. I mean, more often than not, companies layoff programmers, or shuffle them off to other projects. And I have grave doubts the original programmers of the voter machine software left behind significant documentation. So, if stronger encryption was needed to keep the possibility of hacking to change the vote count, I bet it would not be easy in a closed source model, where documentation sometimes is frowned upon.

I'm also very concerned that Diebold, being fairly close to home with Dick Cheney being a former company man for them, was just a pick'n'choose based on what Mr. Cheney felt were his friends, rather than on what is best for the nation. Technology can be useful in securing some things, but I think voter machines is not one of them. What if the machine goes down? What if the machine is 'poisoned' (as in the vote count was tampered with by individuals masking themselves as different people that they are not)? And so on. Does high technology warrant its use in a domain, where it adds no value and no security?

I really think this is just proof that technology can only go so far, and all the buzz over electronic voting and what not is just fluff, to be honest.

-- Bridget

EXCUSE ME? (3, Insightful)

Chabil Ha' (875116) | more than 7 years ago | (#16530793)

Diebold says the code is proprietary and does not allow public scrutiny of it.

Where did the government drop the ball on this one? IANAL, but it seems to me that the moment something enters into the arena of figuring our elections, it ought, by the very nature of things, enter into public scrutiny. Are we suppose to just bend over and accept anything the see fit to inflict upon us? The contracts in the first place should have been drawn to allow for a public audit of the code.

Here's one thing I want to know (5, Interesting)

erroneus (253617) | more than 7 years ago | (#16530809)

Who are the people, other than DieBold, that support DieBold's secrecy? Who are the people who would like to preserve things as they are rather than fix the problems that the rest of the interested public is concerned about?

I think that when we can publically identify who these people are, we can either have a proper public debate on the topic or we can put the matter to rest by exposing the corruption that has been going on.

If the Republicans don't lose in November... (0, Troll)

PHAEDRU5 (213667) | more than 7 years ago | (#16530821)

That is, if the *Rethuglicans* keep control of the House and Senate, I fully expect Diebold to be given the blame.

(I mean, everyone I know (on /.) votes Democrat!)

I almost hope this happens, just for the cries, shouts, rending of hair, gnashing of teeth!

Oh the humanity!

Does it matter (0)

Anonymous Coward | more than 7 years ago | (#16531039)

Even if the software was open source, the process is still moderated by government officials correct?

That means that they government could throw whatever piece of software they wanted at us, say "Here's the code we use, happy?" and then continue to use whatever they wanted.

It comes down to what you want to know. If there is something malicious going on, I'm sure the government is aware of it, and likely behind it. All we can do is hope that there are still decent people in important positions and that the right choices are being made.

I for one, wouldn't feel more comfortable if the software used was open source.

Rights. You have to take them. (1)

nazera (1016341) | more than 7 years ago | (#16531067)

As a Free American I have the Right to vote. I have used that Right, many times. In using my Right to vote I have an obligation to protect the Right's of all Americans. This obligation is not enforcable other than through my own free will. I choose to take this obligation seriously and given the chance I would publish ANY information about the process of voting that I came across, other than any information that would directly release who voted for whom...though the level of threat, in my opion as a Free person, to the voting process could mitigate this. I would and will, given the chance or by breaking any law I choose (I don't do physical damage to people, so some laws I would not break, but only though choice not because of the law itself) inspect, dismantle, suck the software out of...etc. any voting "machine" that I think cannot be shown, in a very simple fashion, exactly how it records votes. Has any system that uses current semi-conductor and/or software technologies CANNOT, by definition, be shown, in a very simple fashion, exactly how it records votes: It CANNOT be used the the voting process. As an American I DO have the Right to break any law I wish and the People's elected representatives have the Right to enforce any law I break...this does not mean I do NOT have the Right to break the law.
This is simple...if the method by which the voting "machine" records the vote cannot be shown visually and explained verbally in less than two minutes....forget it. Puchcards might allow for mistakes....but you know exactly how it worked. Hanging "chads" should not be solved by using a CPU, it should be solved by re-designing the card and die so the chance of a missed punch is lowered to demostrable level. You can even measure the die and punch to an insane level...certify them with a hard stamp, show the public what the hard stamp looks like, vote and then throw the die and punch into a furnace.....building a new lot with a new stamp for your next voting cycle. Keep it Simple and Stupid. Write your Senator, etc. and for now get a paper, mail in ballot (still does not met the need but have to start with something).
If you come across the source code or any other infomation about any voting "machine"; do the right thing, step up, be Free and set it Free.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...