×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Diebold Disks May Have Been For Testers

Zonk posted more than 7 years ago | from the concientious-tester dept.

182

opencity writes "The Washington Post reports on the two Diebold source disks that were anonymously sent to a Maryland election official this past week. Further investigation has lead individuals involved to believe the disks came from a security check demanded by the Maryland legislature sometime in 2003." From the article: "Critics of electronic voting said the most recent incident in Maryland casts doubt on Lamone's claim that Maryland has the nation's most secure voting system. "There now may be numerous copies of the Diebold software floating around in unauthorized hands," said Linda Schade, co-founder of TrueVoteMD, which has pressed for a system that provides a verifiable paper record of each vote."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

182 comments

New tag (3, Funny)

DittoBox (978894) | more than 7 years ago | (#16541618)

The new tagging system is cool. Diebold gets my "wretchedhiveofscumandvillainy" tag.

Re:New tag (1, Informative)

DeadboltX (751907) | more than 7 years ago | (#16541868)

It is people like you that cause the tagging system to not work properly.

The purpose of the tagging system is so that you can tag an article with words that you would use in order to search for such an article.

Proper tags for this article may include "Diebold" "voting machines" "Maryland"

Then when someone searches for "voting machines" this article shows up, even though the the article summary may not include the words "voting" or "machine". This is sort of a wikipedia approach to tagging articles to make them more easily searchable.

No one is ever going to search for "wretchedhiveofscumandvillainy" and so your tag is not only dumb but also useless.

I hope you appreciate that I am sacrificing modding you down in order to give you a proper rundown of the tagging system

Re:New tag (5, Funny)

LordEd (840443) | more than 7 years ago | (#16541934)

In other news, slashdot search queries for "wretchedhiveofscumandvillainy" increases dramatically.

Re:New tag (0)

Anonymous Coward | more than 7 years ago | (#16541990)

Not his fault. The word "tag" has other meanings in urban contexts, which closely resemble what he was trying to do.

Re:New tag (2, Interesting)

NoTheory (580275) | more than 7 years ago | (#16542038)

Oh, quit being such a stodgy whiner. Tagging systems aren't replacements for top-down ontologies, and shouldn't be used as such. The source of the information isn't trustworthy or comprehensive, i don't see why the existence of a tagging system shouldn't change the information it seeks to describe. So you're shooting for a moving target, so what? Tagging/user keywords are an imprecise science, at best, and a dark art at worst.

But then i suppose you think google bombing is a dumb idea too. (even if it's useless, it's kind of amusing, and does in fact indicate what some people think, even if they put it out there consciously).

Re:New tag (0, Offtopic)

NoTheory (580275) | more than 7 years ago | (#16542412)

Er... flamebait? I don't think that my post contained anything that's controversial in content (tagging is not a good descriptive statistical tool), and i don't think the rhetorical style i chose (while perhaps a bit too familiar) was insulting, or clearly spoiling for a fight. Complainging about this sort of tag pollution is directly analogous to google bombing, and my point is that nobody seemed to raise a furor about that.

Re:New tag (3, Informative)

bunions (970377) | more than 7 years ago | (#16542076)

The tagging system is a joke. 90% of all tags are either words in the article title, or one or more of "fud, notfud, yes, no, maybe."

Re:New tag (5, Insightful)

pilkul (667659) | more than 7 years ago | (#16542170)

Who cares? The actual way tags ended up being used is a lot more in the Slashdot spirit. I, for one, like having one-word snarky commentary right below every story.

Re:New tag (2, Informative)

TommydCat (791543) | more than 7 years ago | (#16542978)

(To mod: Troll? WTF?)

I agree - I don't have tons of time to surf anymore and I steal a glance at the tags before considering whether to actually RFTA or not. I can't imagine myself using the search function for anything in particular, as fish, relatives and /. articles all get a bit smelly after a few days.

Yes, tags are the greasy new flavor feature, but if it's strictly for indexing, searching, whatever, why bother showing them on the front page? We as the users will abuse anything given a chance...err I mean use as we see fit.

Re:New tag (4, Interesting)

grasshoppa (657393) | more than 7 years ago | (#16542208)

While tagging in general is an interesting idea, you have to understand that the combination of semi-anonymous tagging + your average internet idiot will completely ruin any hopes for a tagging system that does what you specify.

Instead, the editors who post the story should be tagging it appropriately. As well as that, there should be a common set of tags that can be voted on for each story ( dupe, inaccurate, comfirmed, ect.. ), with the voting be weighed by user.

And even that is subject to errors, but it'd be more accurate.

Re:New tag (4, Insightful)

Matilda the Hun (861460) | more than 7 years ago | (#16542426)

Except that, because me and others find this amusing, "wretchedhiveofscumandvillany" will be able to be used to search for articles concerning government corruption (among, I imagine, other things). As for your argument about it gummming up the works, that would be true if each article had a limited number of tags that it could have. But it doesn't. So if you have a tag you like better, stick it on. Don't you just love how the tagging system really works?

Oh, and I wasted my mod points so I could tell you how people with senses of humour work.

Proper tags (4, Funny)

Capsaicin (412918) | more than 7 years ago | (#16542448)

Proper tags for this article may include "Diebold" "voting machines" "Maryland"

Surely you can think of some more useful tags like "electoral fraud", "corruption," "cronyism" ...

Give it a rest! (2, Insightful)

Myria (562655) | more than 7 years ago | (#16543160)

People will use something for whatever suits them best, not what the marketer says to use it for. Clearly slashdotters want to use tags for one-word comments, so that's what they get used for. Music didn't really occur to the inventors of the phonograph, and look how that turned out.

Melissa

Previous story tags: (3, Funny)

cgenman (325138) | more than 7 years ago | (#16543282)

Let's see if you can tell where these are from:

fud, no, yes, rms, notfud
scam, slownewsday
yay, spam, spamhaus, haha
wikipedia, copyright
fud, notfud, monopoly

'glad to see the system is working well.

Re:New tag (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#16541936)

Speaking of dumb and usless . . .

wretchedhiveofscumandvillainy.com is AVAILABLE!

holy shit - I'm sure to get laid if I register that one . . .

Re:New tag (0)

Anonymous Coward | more than 7 years ago | (#16542350)

I always thought it was "there are three kinds of people in the world: those who can count, and those who can't"...

First post1 (0, Insightful)

Anonymous Coward | more than 7 years ago | (#16541620)

How long until it's on BT?

Can't do much with these disks (5, Funny)

Anonymous Coward | more than 7 years ago | (#16541660)

Can't play on ranked servers without a cd key and the gameplay itself is more boring than WoW. I'll stick with BF2.

Re:Can't do much with these disks (4, Funny)

TubeSteak (669689) | more than 7 years ago | (#16541964)

Now that's now fair.
It's still great fun over the LAN!!

Getting a bunch of friends together to suborn the vote is always a good time ;-)

Re:Can't do much with these disks (4, Insightful)

forkazoo (138186) | more than 7 years ago | (#16542190)

Can't play on ranked servers without a cd key and the gameplay itself is more boring than WoW. I'll stick with BF2.


And, frankly, the AI is horribly unrealistic. All the little guys that you tell to cast votes... Most of them just ignore you. It's like they don't even notice you, or anything going on. And, the guys being voted for are like crazy over the top cartoon villains. Whoever made this game is obviously a moron, and has no understanding of a decent plot.

Actually, on a more serious note... I haven't been able to find a torrent. This shit is pretty fucking fundamental to our democracy, and when it finally gets 'leaked,' it manages to stay buttoned up? Seriously, do we know anything about the source? Does anybody have a torrent, or at least asn assessment from somebody qualified to be frightened by looking at it? As far as I'm concerned, every citizen of the US not only should have the right to see the mechanics of demacracy, but an obligation to do so. Anybody who doesn't try to get ahold of the source code running their local voting machines should be considered grossly negligent.

Re:Can't do much with these disks (5, Insightful)

TubeSteak (669689) | more than 7 years ago | (#16542476)

Actually, on a more serious note... I haven't been able to find a torrent. This shit is pretty fucking fundamental to our democracy, and when it finally gets 'leaked,' it manages to stay buttoned up?
It got 'leaked' to Cheryl C. Kagan, a former Congresswoman & obviously someone with a little bit of common sense.

Kagan did the right thing, which was to contact the state elections officials, who in turn contacted the FBI, who went and talked to Kagan.

She was part of the Government and respects it enough to try and work within the system.
Anybody who doesn't try to get ahold of the source code running their local voting machines should be considered grossly negligent.
Good luck explaining that to a judge. The penalties for messing with anything relating to an election are no joke. Why do you think those discs were delivered anonymously?

Re:Can't do much with these disks (5, Interesting)

electrosoccertux (874415) | more than 7 years ago | (#16542880)

There are far more serious issues than our voting problems today when people consider wanting to learn about somthing akin to "messing with" it. As if my understanding of the source code behind how my vote is cast at all interferes with our country electing the next president. Unless, that is, there are flaws in the code that say all the votes will be converted to votes for [insert favorite politician here] if I press the upper right hand corner of the screen five times in under ten seconds; and my understanding of such a flaw [even though I wouldn't take advantage of it] stalls the election process. Nows whose fault would that be? Is it somehow my fault, for finding out that the Diebold did a bad job?

I've heard the likes of your attitude before. It can pretty much be summed up as "Don't ask why, that's just how it is." Imagine if you told your kids that.

Try appending that statement to the end of different statements:

-"We can't cure cancer. Don't ask why, that's just how it is." And so nobody bothers researching a cure.
-"Your computer's Windows installation is broken. Don't ask why, that's just how it is." And so you needlessly spend $$$ on a new computer when all you needed was a fresh installation and anti-vir."
-"2 + 2 = 5. Don't ask why, that's just how it is." And so the plane crashes.
-"You're wrong. Don't ask why, that's just how it is."

I hope you get the point.

Slight correction (3, Informative)

TubeSteak (669689) | more than 7 years ago | (#16542940)

Kagan did the right thing, which was to contact the state elections officials, who in turn contacted the FBI, who went and talked to Kagan.
I went back and looked at the original Baltimore Sun story [baltimoresun.com]

The Baltimore sun says that "Kagan called the attorney general's office, and word of the disks began to spread. Learning of the development, Linda H. Lamone, the state's elections chief, reported Kagan's possession of the code to the FBI yesterday [Oct 19]."

Which only reinforces my point, since
Attorney General > State Election Chief

Not a laughing matter... (1, Insightful)

rHBa (976986) | more than 7 years ago | (#16543190)

The penalties for messing with anything relating to an election are no joke.


Unless your initials are G Dubya B...

Re:Can't do much with these disks (1)

TommydCat (791543) | more than 7 years ago | (#16543010)

Not only boring gameplay, but it seems the red guys win everytime despite my score! WTF?

Re:Can't do much with these disks (2, Funny)

bky1701 (979071) | more than 7 years ago | (#16543240)

That's because you didn't buy the "think of the children" upgrade to your propaganda... err campaign center.

If the attackers can use the source to attack it (5, Insightful)

strider44 (650833) | more than 7 years ago | (#16541664)

If the attackers can use the source code to attack the machines then the machines aren't secure and probably wouldn't withstand an attack from someone who had access to the machine even without source code.

Having numerous copies floating around is a good thing if disclosure of security holes is encouraged, and the fact that Diabold are implying that the security of their systems rely on people not having access to the source code is a very bad thing.

Lets look at things logically. The only people who would rig the election using those machines would have to have physical access to the machines, and if they did they wouldn't need the source code to highlight security holes. If the source code was released then the people who would be advantaged would be the people who would responsibly disclose security holes.

Re:If the attackers can use the source to attack i (4, Interesting)

WhiplashII (542766) | more than 7 years ago | (#16541926)

What is funny is that no one has commented on the real story here - Diebold sent a copy of the source code for a security audit, as requested. Maryland's security team then leaked the code to external people and used the incident to claim that Diebold's security is awful...

The real lesson here is the lengths some politicians will go to so that they appear "right".

(OK, and Diebold also has security issues - but that is a side issue, everyone has security issues. These are the guys making ATMs, for goodness sake. A voting machine that is as secure as an ATM is probably good enough. You can't stop human fraud via a machine - humans win every time.)

Re:If the attackers can use the source to attack i (5, Insightful)

clifyt (11768) | more than 7 years ago | (#16542062)

"A voting machine that is as secure as an ATM is probably good enough."

Wasn't it just a few weeks ago people were finding the passwords for ATMs 'hidden' right there on the net with instructions on how to reprogram them from the front pannel so that it thought the 20s slot was actually dispensing $5s???

If this is the security we can expect...well, I just hope my side finds the password list before the other side. Those bastards are slimy cut and run warmongers who want to stay the course of flipflopping.

Re:If the attackers can use the source to attack i (4, Insightful)

TapeCutter (624760) | more than 7 years ago | (#16542088)

"These are the guys making ATMs, for goodness sake. A voting machine that is as secure as an ATM is probably good enough."

If the system were as secure as an ATM network I would have to agree. An ATM gives you a bit of paper to prove the transaction took place and are fully auditable by the bank, the voting machines in question do not give a receipt and do not leave an audit trail. The fact that diebold also makes ATM's indicates nothing less than malice in the design of such a piss poor security scheme for their voting machines.

Re:If the attackers can use the source to attack i (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16542780)

The only way having the security level of an ATM works is if the system works like an ATM. You can trust an ATM because there's an auditable record of transactions in your account. When ATM errors or fraud occur, you can point them out to the bank and get them reversed.

That would work fine for voting as long as the nation is willing to give up the tradition of the secret ballot. Until then, what auditable record exists of your individual vote, with your name attached to it so you can contest the way it was counted?

Counting secret ballots is *not* the same as posting transactions to audited financial accounts.

Re:If the attackers can use the source to attack i (3, Insightful)

TapeCutter (624760) | more than 7 years ago | (#16543212)

I wasn't trying to imply throwing out secret ballots, just pointing out that ATM's are auditable and these machines are not. The "bit of paper" I was talking about is not kept by the voter but the candidates can use them to audit the machines without connecting individuals to "bits of paper".

The ATM analogy is a bad one since banks must connect an individual to a transaction. Voting machines must not connect an individual to a transaction while still ensuring one vote per person. It's not particularly hard to do, the issues have been well understood for at least a couple of centuries.

Having said that, diebold have shown they understand security and auditing issues by producing reliable ATM's, they have not done the same for voting machines. Given diebold's experience with ATM security issues it is hard to see how incompetence has played a part in this particular cock-up.

Voting and ATM machines unrelated. (4, Interesting)

Ungrounded Lightning (62228) | more than 7 years ago | (#16543164)

The fact that diebold also makes ATM's indicates nothing less than malice in the design ...

Diebold BOUGHT the voting machine deisgn (by buying the company that made it). It is unrelated to their ATM designs.

Re:If the attackers can use the source to attack i (5, Insightful)

jx100 (453615) | more than 7 years ago | (#16542104)

I'd argue that the source code for voting machine should be made public in any circumstance. There is *no* reason to keep any part of the counting process secret. If there are exploitable holes in this process, that means the *process* is at fault, and should be redone until there are no holes.

Re:If the attackers can use the source to attack i (1)

bunions (970377) | more than 7 years ago | (#16542120)

If they were even half as secure as ATMs I think we'd all have far, far fewer problems. I don't think you've been paying much attention to the diebold articles around here lately.

Re:If the attackers can use the source to attack i (4, Insightful)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#16542394)

>A voting machine that is as secure as an ATM is probably good enough.

That's not what we're getting, as the research and disclosures have made painfully clear.

In any case, Diebold has had some trouble with ATMs, including the ATM reprogrammed as a jukebox [thetartan.org] and the ATMs infected by a virus [windowsfordevices.com].

Voting machines are a harder and more safety-critical application than ATMs. Voting machines have to preseve anonymity. Imagine how that would complicate banking. Then, the worst case failure of an ATM is that some money changes hands inappropriately and laywers earn lots of money sorting it out. The worst case failure of a voting system is an election lost to fraud, meaning the victors are the crooks. The damage is potentially incalculable: think of the nations ruined by having the wrong leaders.

Re:If the attackers can use the source to attack i (0)

Anonymous Coward | more than 7 years ago | (#16542682)

meaning the victors are the crooks

It's always true :-(

Re:If the attackers can use the source to attack i (1)

mauddib~ (126018) | more than 7 years ago | (#16542416)

No one commented on the story because it is too filthy to be true. But, Maryland gave away alot of power in order to show this scandal and help humanity a little. Because your last line: 'you can't stop human fraud via a machine' isn't true (and in my oppinion VERY unpatriotic). You CAN stop human fraud, with or without machines. This is the basis of a little fragement of that which still makes us human: trust and love, something you might want to look for.

Even if we won't prevail in the end, even if all hope seems lost, we at least can say to ourselfs: 'I tried!'. If this all might sound a little Christian in your ears, it is. And it is Muslim and Budhism, humanism and all of the other religions and philosophies in the world. Because the only thing you can possibly hope for is to have a little trust and love in other people.

For Christ sake, don't you see? Don't you see the terror and horror in all of this? Isn't it the distrust in the goverment or those who rule you, that made them suspisious in the first place? Isn't it your idea of 'right' that has been changed because of distrust?

Yes, there are alot of pricegrabbers our there: they might all fool on us, spy on us, make us feel angry or anxious. But they cannot take one important human trait away, and that is trust and love. Use your mind not to destroy, but use it to create.

Re:If the attackers can use the source to attack i (2, Insightful)

bjorniac (836863) | more than 7 years ago | (#16542464)

"A voting machine that is as secure as an ATM is probably good enough." No, it isn't. You defraud my ATM you can steal my money, but the bank will reimburse me, and overall there's not much harm done. You steal my vote, you can do a lot worse things to me than take my money away.

Re:If the attackers can use the source to attack i (2, Insightful)

strider44 (650833) | more than 7 years ago | (#16542908)

(OK, and Diebold also has security issues - but that is a side issue, everyone has security issues. These are the guys making ATMs, for goodness sake. A voting machine that is as secure as an ATM is probably good enough. You can't stop human fraud via a machine - humans win every time.)

There's even more money and power in cracking elections then there is in cracking ATMs, so no it's not good enough.

Diebold machines aren't designed to be secure (3, Informative)

nephridium (928664) | more than 7 years ago | (#16542098)

Back in 2004 computer programmer Clint Curtis testified under oath [youtube.com] that he had been asked by a congressman to write software that would make it possible to rig elections. He quite blandly states that "anyone" (with the expertise) could write software to rig elections, because the system has not been secured in any way.

Re:Diebold machines aren't designed to be secure (0)

Anonymous Coward | more than 7 years ago | (#16542536)

Why does Clint Curtis hate America?

Re:If the attackers can use the source to attack i (1)

MLease (652529) | more than 7 years ago | (#16542152)

Having numerous copies floating around is a good thing if disclosure of security holes is encouraged, and the fact that Diabold are implying that the security of their systems rely on people not having access to the source code is a very bad thing.

Did you spell "Diabold" that way on purpose (i.e., to evoke "diabolical" in our minds)? Either way, I'm ROTFLMAO!

-Mike

Re:If the attackers can use the source to attack i (1)

rm999 (775449) | more than 7 years ago | (#16542236)

I don't think diebold is saying that people can use the source code to hack it. All things being equal (I am ephasizing that last statement, because I know people will ignore it otherwise) having the source code can only make it easier to hack into software. For example, if you intercept an encrypted message, knowing the general encryption algorithm is infinitely useful in determining what the message says.

I know this is an unpopular opinion on Slashdot (which is built around open-source principles), but it is true. I am not saying that diebold should be trusted, but I am saying that your assertion that closed source has to inherently be less secure than open source is flawed. A solid architecture is a solid architecture...

And yes, I know open source encourages people to look at the source and find flaws. In fact, I think diebold should be open-sourced. I just disagree with your assumptions.

Re:If the attackers can use the source to attack i (1, Informative)

Anonymous Coward | more than 7 years ago | (#16542566)

I know this is an unpopular opinion on Slashdot (which is built around open-source principles), but it is true. I am not saying that diebold should be trusted, but I am saying that your assertion that closed source has to inherently be less secure than open source is flawed. A solid architecture is a solid architecture...

I think the reasoning here on slashdot tends to be that: Without the source code you cannot say whether something is more secure or less secure therefore the safest assumtion is that it is less secure. So not having access to the source doesn't make something inherently less secure, just makes it inherently less trustworthy.

Seeing the source would allow verification of the security of the design. Not seeing the source lends an air of "security through obscurity," sort of a "trust us, it's secure" which doesn't go over well.

Re:If the attackers can use the source to attack i (3, Interesting)

strider44 (650833) | more than 7 years ago | (#16542890)

You obviously haven't done any sort of cryptography. (And yes, I have and do do cryptography and cryptoanalysis.)

I'll address the second and third paragraphs first of all since it's more on topic before refuting the first paragraph.

I never said that a closed source software has to be inherently less secure than open source software. Whether the source is open or not doesn't have any direct implications on the security of the software. I said or implied that closed alrogithms are inherently less trustworthy than closed algorithms. Peer revue is an old and very well tested notion that lays the foundation for modern cryptography, and it is more than "look at the source and find flaws". I'll quickly outline the reasons for it here.
On Corey Doctorow's excellent speech on DRM [boingboing.net] he slyly called this Schneider's Law: "any person can invent a security system so clever that she or he can't think of how to break it". In other words if you thought of it then you probably only see its benifits without seeing its flaws. For someone to see the flaws they have to be able to think differently; not necessarily be smarter than you, just be able to think differently from you. The chances of getting someone to be able to do this in a small organisation is slim. Even sending it out to technical officers only increases the chances of it being found slightly.

The next reason more specific to this situation comes when you look at the likely attackers of the system. When looking at the voting machine you tend to think of politicians to be the most likely to compromise security. You might also have major corporations with a political adgenda, foreign governments, even private citizens. In other words, everyone. Not many people actually realise that this includes the programmers themselves!

Do you trust every person in Diabold? I don't even know them - who the fuck are they to have control over my vote? (Luckily I'm not American so they don't have control over my vote) If the code is secret then they not only have the means but they also have the ability to do it without getting caught! If you personally don't have access to the code you are simply giving your vote to the programmers and trusting them to do the right thing. I'm not saying that they're necessarily bad people, but there's a lot of money in the US elections, and everyone has a price.

I haven't really gone through that thoroughly and I think I've missed more than a few things but I don't really have that much time free. I'll get onto the first paragraph now. Firstly, gathering an algorithm without source from a binary is pretty trivial and as I said before the people most likely to attack these machines will have access to the machines themselves and thus have access to the binaries. Even without this, perhaps not knowing the algorithm is a disadvantage to a cryptoanalysist but even then many algorithms have identifiers in their output giving clues as to which algorithm it is. It's definitely not infinitely more useful to know the algorithm when determining what the message says. Even so if you're relying on an algorithm's secrecy to ensure security in your communications then as soon as the algorithm is released (and it most often is in more serious situations) then your communications are compromised. Yes you said all things being equal but the thing is the algorithm isn't supposed to be the secret, the key is.

Now that was a long rant.

Re:If the attackers can use the source to attack i (1)

TapeCutter (624760) | more than 7 years ago | (#16542990)

"For example, if you intercept an encrypted message, knowing the general encryption algorithm is infinitely useful in determining what the message says."

Things have progress somewhat since WW2 and the enigma machines, ever hear of public key encryption? You can examine the algorithim to any arbitrary level of detail but it won't help you to decrypt a message.

OTOH: I agree with the rest of your post, the most that can be said of diebold's "security through obscurity" is that it's an unknown quantity. Mind you there are enough visable holes in their procedures to render the source code debate moot.

Dropped Ball? (1)

bussdriver (620565) | more than 7 years ago | (#16542634)

Why leak something to a trusted official? Just think of the intent of leaking it to an official who is critical of the machines.
If the intent is to disclose code only then there are many other BETTER methods.

Anybody see the new film "Man of the Year"?
Does art predict life now instead of imitate it?

Re:Dropped Ball? (1)

tftp (111690) | more than 7 years ago | (#16542742)

If the intent is to disclose code only then there are many other BETTER methods.

As I understand, the intent was not to disclose the code but to make it known that a copy of the code is out there. A person with government ties and sufficient understanding of what the disks contain was a perfect choice because the scheme worked and we all know what happened. The sender of the software also had to keep in mind that the recipient of the disks must be not personally interested in the outcome, since it's very easy to "discard the disks as worthless", or claim so. Appears that the sender wanted the story to get published.

With respect to your comment about "leaking it to an official who is critical of the machines" - such a person would not get any attention because he cries wolf every day. Such person's claims would be summarily dismissed. The trick indeed was to select a person who has no bias but has respect.

Stupid (4, Insightful)

SatanicPuppy (611928) | more than 7 years ago | (#16541692)

If the software was well designed, this wouldn't matter at all. I mean it should be clean and simple, and secure. All incoming data should be validated, all data should be stored, and a mile wide system audit trail should be created at the same time. Then, spit out the paper version with a transaction # so you can run it right back against the system.

Instead, I bet it's a pile of shit. Recycled code, buffer vulnerabilities, piles of ad hoc crap, with poor documentation.

I hope someone does find a way to exploit the code. People need to wake the hell up.

Re:Stupid (0)

Anonymous Coward | more than 7 years ago | (#16542270)

Why are assuming there aren't ready-made backdoors compiled into the final Midterm2006 binaries.

After all, all we have is 2003 'leaked' source code Diebold may have sanitized.

To understand just how serious this is, over 60% of ALL the voting machines in this country do not currently produce a paper record/trail of any sort.

Just joking. (4, Insightful)

Thisfox (994296) | more than 7 years ago | (#16541696)

Face it, it would probably be a more secure voting system if they voted by email. They could even make it into a computer game to encourage more young people to vote!

Although, if they did vote by email, imagine the junkmail vote....

You gotta wonder about any politician that wants no paper trail of his own votes. Why is he not interested in having hardcopy proof that he really did win this or that election? (or she, or she, I hope to the gods that Americans aren't backward enough to have only male options in parliament).

Re:Just joking. (1)

joshetc (955226) | more than 7 years ago | (#16541858)

In a way that doesn't seem too farfetched.. it wouldn't be unrealistic to have their e-mail address as a part of their voter registration. One vote per registration number and e-mail. They send an e-mail with the vote and verify the proper registration number matches the proper e-mail address. After one vote has been cast there are no changes for that particular person... I suppose there would be some holes which someone much wiser than me can point out to "patch".

Can we borrow yours? (4, Funny)

Kadin2048 (468275) | more than 7 years ago | (#16541946)

I hope to the gods that Americans aren't backward enough to have only male options in parliament

Actually, our options for Parliament are even more limited than that...

Re:Just joking. (3, Funny)

SeaFox (739806) | more than 7 years ago | (#16542522)

Although, if they did vote by email, imagine the junkmail vote....


Cheap C!@lis for President!
No money down m o r g a g e holds Senate majority!
And plenty of HOT! NUDE! GIRLS! in Congress!

What's the problem again? (5, Insightful)

arth1 (260657) | more than 7 years ago | (#16541702)

Forgive if if I misunderstood, but shouldn't Linda Schade be happy that there's copies of the software available for public scrutiny instead of complaining about it? If she's really concerned with the security of electronic voting, surely she would be in favour of the software being verifiable?

If I didn't misunderstand, someone in D.C. should give this lady a call and explain to her the pitfalls of "security through obscurity" and why openness is a Good Thing.

Conspiracy theory (4, Funny)

sshore (50665) | more than 7 years ago | (#16541854)

Perhaps she's concerned about the give_election_to_highest_bidder() function being discovered..

Re:Conspiracy theory (3, Funny)

slughead (592713) | more than 7 years ago | (#16542714)

I changed the currency to Japenese yen and bought the '04 election for $100.

Too bad the stupid spell checker changed 'Sgt. Bosco "B.A." Baracus' to "Bush" and we're stuck with this guy now.

Sorry dudes, my B.

-slug

Re:What's the problem again? (4, Insightful)

TapeCutter (624760) | more than 7 years ago | (#16541984)

"Security through obscurity" is diebold's methodology, by obtaining a set of original disks she has exposed a hole in their security and demonstrated the weakness in their methods. Diebold by their actions have basically admitted they belive their code is vunerable to "hackers", that "admission" alone should disqualify paperless voting machines.

In other words: If diebold can't manage to secure their source code from theft then how the fuck can they be trusted to secure your vote from theft.

Re:What's the problem again? (4, Interesting)

Hemogoblin (982564) | more than 7 years ago | (#16542094)

She's probably unhappy because the copies are NOT being made available for public scrutiny. They are being returned to Diebold.

Also, it is possible that those disks were copied before they were discovered. These copies could potentially get into the hands of someone who wanted to abuse the election. Security through obscurity is no longer a good defense when your enemy has the source code. The only thing they're succeeding at is hiding flaws from the people who wish to fix them.

Remind me again why people use Diebold products?

I find it very interesting... (3, Insightful)

stox (131684) | more than 7 years ago | (#16541720)

that the versions, that have been anonymously submitted, were from the last election. Could someone be trying to tell us something? Will a third party have the chance to examine the contents?

Re:I find it very interesting... (1)

wkitchen (581276) | more than 7 years ago | (#16543194)

Will a third party have the chance to examine the contents?
Maybe. But would any third party, assuming they get this through unofficial channels just as Cheryl Kagan did, be willing to risk the litigation (or worse) that would inevitably be aimed their way if they ever went public with thier findings, or even with the fact that they looked at it, especially if there IS a "smoking gun" in there? I know I would fear for my safety and that of my family were I in that position.

Copyright vs. election security (4, Insightful)

Dirtside (91468) | more than 7 years ago | (#16541756)

Diebold whines about how the source code to their voting software is secret and copyrighted and blah blah... but you know what? Accurate democratic elections easily outweigh the need of any company providing voting software to keep their software secret. The government ought to be hiring a software company on contract to provide the service of writing voting software, not buying a product from them.

This is assuming, of course, that there's any overall benefit to digital voting in the first place, which there really isn't. Digital elections are a terrible idea -- stick with paper. Oh no! We'll have to wait a few more hours to have complete results! Big fucking deal.

Re:Copyright vs. election security (2, Interesting)

Guppy06 (410832) | more than 7 years ago | (#16541974)

"The government ought to be hiring a software company on contract to provide the service of writing voting software, not buying a product from them."

We're talking about Maryland, not California or New York. Annapolis simply does not command the influence to convince companies such as Diebold to change their terms. And even if a state could and did try to influence Diebold to change the terms, I could see Diebold taking the state to federal court based on the "Dormant Commerce Clause."

Now, as to why they signed onto the idea as-is instead of saying "no, thank you," that's another matter.

Re:Copyright vs. election security (1)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#16542992)

After all, would a state contract out a major construction project without expecting to get copies of the blueprints?

If not, I have a bridge to sell them...

These are the disks we returned to the state (5, Informative)

Anonymous Coward | more than 7 years ago | (#16541770)

I was one of the RABA testers. We discussed this today and we returned the disks to the testers. The leaks came from Linda Lamone's OWN OFFICE!

Re:These are the disks we returned to the state (1)

TubeSteak (669689) | more than 7 years ago | (#16542912)

And wasn't that the original story?
That the discs were nabbed from the Elections people.

http://www.baltimoresun.com/news/local/bal-te.md.v oting20oct20,0,5237249.story?coll=bal-home-headlin es [baltimoresun.com]

"An accompanying letter refers to the State Board of Elections and calls Kagan "the proud recipient of an 'abandoned baby Diebold source code' right from SBE accidentally picked up in this envelope, right in plain view at SBE. ... You have the software because you are a credible person who can save the state from itself. You must alert the media and save democracy."


/Not that we can really trust an AC's claims

Security doesn't matter if the machines are rigged (5, Insightful)

Anonymous Coward | more than 7 years ago | (#16541818)

Just before the 2002 election, a secret "patch" was distributed by order of the president of Diebold without the knowledge of election officials, according to several whistleblowers. You know, the guy who promised to "deliver [Ohio's] votes to the President".

Who gives a fuck if J0e Hax0r can compromise a voting machine when secret code can be installed on thousands, if not all, of the voting machines at the last minute with absolutely no oversight and nobody knowing about it? Voting, to borrow from one of the current "President's" minions, is a "quaint" and outdated practice.

Re:Security doesn't matter if the machines are rig (1)

zippthorne (748122) | more than 7 years ago | (#16542006)

And how exactly would this patch be applied? It's not like the machines are turned on and connected to the internet when not in use on election day.

Re:Security doesn't matter if the machines are rig (1)

TapeCutter (624760) | more than 7 years ago | (#16542288)

Simply replace the flash card, you know the one without any kind of seal. The problem extends further than just the machines, it involves many aspects of the procedures including access to the machines before election day. What the GP is saying has been reported many times, I leave it to you to find the relevant links.

So why did we move to electronic voting again? (4, Insightful)

XNine (1009883) | more than 7 years ago | (#16541846)

Considering that paper ballots have been used for TWO CENTURIES. Jesus Christ. Just make a machine that scans the barcode on a piece of paper, punches holes in it, and copies the data so no duplicate votes can be made or votes be changed since there will be a paper back up to turn in that will back up the electronic vote, and the voter gets a carbon copy of the paper. Wow. How hard was that to think up? Now, can I have all of the money that Diebold has been getting?!

Re:So why did we move to electronic voting again? (5, Insightful)

fdiskne1 (219834) | more than 7 years ago | (#16541904)

and the voter gets a carbon copy of the paper

You had me up until that part. The voter should be able to SEE the paper copy and verify it is accurate without being able to touch it. It is then whisked away, dropped down, or whatever onto a roll, stack or whatever so poll workers have a way to verify the machine counts with paper counts. If they are given receipts, this would provide proof they voted a certain way. Voters should not be given a copy since this opens the door to people being paid or intimidated to vote a certain way. Other than that point, I agree with your post.

Re:So why did we move to electronic voting again? (1)

XNine (1009883) | more than 7 years ago | (#16541954)

The voter gets a carbon copy so they know the machine didn't jack their vote. That way, we have three times the security. Electronic and two paper copies, one that goes to the ballot officials and one that stays with the voter. My friend, perhaps we should do business together. = b

Re:So why did we move to electronic voting again? (5, Insightful)

NuclearDog (775495) | more than 7 years ago | (#16542102)

"Vote this way or you're fired, and I want to see the receipt."

Later:
"I lost the receipt."
"Our company no longer requires your services, we, uh, have decided to consolidate our action points to improve the synergy blah blah blah."

Re:So why did we move to electronic voting again? (1)

DDLKermit007 (911046) | more than 7 years ago | (#16543244)

I dunno what the big deal with actually providing a paper trail with these machines is. I live in Las Vegas, and while we do not get a paper copy of our voting. We do have it setup on every machine I've voted on at least to where theres a module thats added onto the side that shows you all of your votes very plainly once you finish keying in your votes. You take a minute to make sure whats on the paper is correct, you hit submit on the screen, and the paper is rolled onto the 2nd feeder roll at the top where it is kept in case of any disputes. Why the FUCK that system at the very least is not required FEDERALLY is beyond me. It's a common, fucking, sense, thing.

I honestly believe the rest of the nation's voting systems needs to be cleared by the Nevada Gaming Commission given thats who approves of denies machines for voting in Nevada and you better bet your pasty-white ass they know how to make sure shit is on the up & up. Oh and there is that little bit where the addition of a paper-trail with these machines is that it does add $500 onto the sticker-price of these machines. We only have our own politicians attempting to save a few bucks to blame really. Voter confidence directly translates into voter turnout. Such a system brings exactly just that to the table.

Re:So why did we move to electronic voting again? (0, Troll)

Lord Kano (13027) | more than 7 years ago | (#16542018)

Why?

Because the Democrats sobbed like little bitches with skinned knees that the Butterfly Ballots used in Florida were too difficult to understand.

So, they got what they wanted. A voting process that was easier to understand but impossible to verify.

LK

How to ensure a secure vote (1)

aeschenkarnos (517917) | more than 7 years ago | (#16541896)

It seems the solution has been staring us all in the face: someone must write a simple program to use the revealed code, that can be carried on a USB stick and used to modify votes. Then publicize the existence of this program. Since the election will clearly be fraudulent, and Mr Michael Mouse will be unable to take up more than one of the seats he has won, the election will have to be re-done, quickly, and un-hackably (ie, uncomputerised).

be cautious of a Diebold paper trail - not right! (5, Insightful)

arete (170676) | more than 7 years ago | (#16541950)

You, the voter, need to physically move your verified ticket into a box under the watchful eye of the election judge. This MUST NOT be done by machine, unless the machine also does it in an easily visible fashion under the watchful eye of an election judge - which is simply not what's going on.

I early voted on a Diebold voter verified machine - and it's NOT good enough. I even had a nice conversation with the technical election judge, and since it did print a verified trail I did have to go home and think about this before I realized how it sucked.

They totally and complete circumvented the idea of a voter verified paper trail.

The way this machine works is you vote, it prints, you can see-but-not-touch the printout. You can vote AGAIN (up to 3 times) and it voids the previous printouts. Again, without you touching them. Which means the process expects that some percentage of its paper trail will be voided. The printouts get sent into some magic compartment.

So 1) there's no way except by noise for the election monitors to know if it printed a variety of extra votes. And they were pretty quiet.

2) There's absolutely zero way to know if it went back and voided your vote, because there's plenty of precedent for voiding votes.

3) It can absolutely tell via paper alone who voted in which order; it's on a spool. Which could be easily tracked by anyone who watched what order people voted at that machine. Your votes are even less anonymous.

*sigh*

(Ok, so I posted this on the previous Diebold story - sue me. It's important, so I reposted it, Karma be damned.)

Re:be cautious of a Diebold paper trail - not righ (1)

zippthorne (748122) | more than 7 years ago | (#16542058)

What's with early voting anyway? How is that constitutional? or even a good idea? Surely spreading the vote (and elections volunteers) out over a month prior to an election invites fraud and accidents.

Re:be cautious of a Diebold paper trail - not righ (1)

whig (6869) | more than 7 years ago | (#16542268)

And you're still right. And I'll mention again that I replied on my blog: How to have a democracy. [wordpress.com]

Re:be cautious of a Diebold paper trail - not righ (1)

kernelistic (160323) | more than 7 years ago | (#16542626)

The US is not a democracy. We are a republic!

On the voting side of things, you are not about to get an electronic voting machine that is free of possible rigging until State Governments start paying software engineers directly, to develop voting machines. Even then, physical security of the voting machines will need to be ensured up until (And even after!) the certified results. I completely agree with you on the need for openness and review for such machines. This includes a vote log which reduces the "Secret ballot" that we are said to currently have in districts that do paper voting.

Re:be cautious of a Diebold paper trail - not righ (0)

Anonymous Coward | more than 7 years ago | (#16542706)

The US is not a democracy. We are a republic!

Right! And now that the right people are in power, elections are superfluous anyways."

Security Leak (1)

nazera (1016341) | more than 7 years ago | (#16541988)

I would think the only kind of security leak you could have in a voting system would be who voted for whom. If knowledge of the voting machine hardware or software is a threat to the voting processes and it's publication is considered a security leak.....then who is whatching the watchers ?......Could we please set this up so a security leak on voting would mean: "Some physically stole the voting boxes". This is killing me. Is "Keep it Simple and Stupid" really that hard to understand ?

Not 1337 h4x0rs! (4, Insightful)

QuantumFTL (197300) | more than 7 years ago | (#16542174)

Never attribute to malice that which is adequately explained by stupidity.

Re:Not 1337 h4x0rs! (0)

Anonymous Coward | more than 7 years ago | (#16542822)

stupidity in one is of great utility to maline in another. there's no reason here to attribute the diebold scandal(s) only to stupidity.

voting question is kind of academic (-1, Troll)

nido (102070) | more than 7 years ago | (#16542228)

... as far as the current system goes. Rigged elections are nothing new in America - why would the electioneers give up their control over the outcome voluntarily?

No, for "we the people" to get fair, honest elections, the entire crooked Feral government has to collapse first. The clean up crew can then round up George Bush, Dick Cheney, Donald Rumsfeld, George H.W. Bush, Bill Clinton and the rest of the globalist NeoCons, and turn them into NeoConvicts, for their warcrimes and other crimes against humanity. Bill Clinton for carpet bombing Serbia, the current crew for the tens (hundreds?) of thousands of civilian casualties in Iraq & elsewhere.

Fortunately, the world's only superpower isn't much of a superpower anymore. Not only is the economy on its last legs [slashdot.org] before a much-needed correction, but our leaders have abdicated the moral high ground. Our government is now little more than a jackbooted thug [urbandictionary.com], a Goliath picking on people in all corners of the world. But there are a couple groups with slingshots [informatio...house.info] to keep the balance, so all's well.

Crooked elections are the least of our worries, at this point - been there, done that, look what we got. I'm looking forward to Bush & Co. getting their due.

Re:voting question is kind of academic (0)

Anonymous Coward | more than 7 years ago | (#16542256)

God bless America. Go to hell you leftist swine.

OT huh? (0)

Anonymous Coward | more than 7 years ago | (#16542462)

> Clinton for carpet bombing Serbia

So Milosovich was valiant anti-imperialist?
Right.
And the Islamists are striking a blow against imperialism? By stoning women to death? Or chanting Islam is a religion of peace!! and shooting a 75 year old nun?

No problem with jailing the Bushies (for falsifying inteligence), and 41 for crack dealing, but Clinton? I don't like NAFTA as much as the next lefty but Clinton should be ignored, not jailed.

The problem with the knee jerk left is s/left/off left/

OT/Troll moderation must mean I've hit a nerve (1, Offtopic)

nido (102070) | more than 7 years ago | (#16542688)

So Milosovich was valiant anti-imperialist?
Right.


One theory is that Milosovich was winning his war-crimes trial at the Hague, and was going to call Bill Clinton as a hostile witness in his defense. Mighty convenient that he died of a 'heart attack'. But what do I know, I'm just the jester on the sidelines.

And the Islamists are striking a blow against imperialism? By stoning women to death? Or chanting Islam is a religion of peace!! and shooting a 75 year old nun?

The controlled media [thenation.com] picks up on the worst-of-the-worst in the islamic world, to make sure 'we' look down on 'them' as primitive. There are plenty of examples of nasty people in our own midst - who are we to look down on bad-apple islamists shooting a nun, when two American Highschoolers slaughtered 10 buddhist monks [crimelibrary.com] in a petty war game/robbery?

NAFTA is the least of Clinton's transgressions: Who Said Clinton Didn't Kill Anybody? [counterpunch.com]

Vote absentee (1)

BearRanger (945122) | more than 7 years ago | (#16542454)

My county doesn't currently use electronic voting, but if they used Diebold voting machines I would vote absentee. If enough people do this, thereby increasing election costs, the message will get out. Just the potential for shenanigans should be enough to disqualify these things.

abc news poll (2, Funny)

wkitchen (581276) | more than 7 years ago | (#16543052)

ABC News is running a poll titled Is Your Vote Safe? [go.com] that asks:

"Are you confident that your vote is safe and will be counted in the election?"

Oddly, this poll seems to be suffering some voting irregularities itself. Repeatedly refreshing the results yields this strange sequence:

approx 12:30am, 10-23-06
no: 738 yes: 101 ns: 86 tot: 925

12:53am
no: 743 yes: 101 ns: 87 tot: 931

12:54am
no: 737 yes: 101 ns: 86 tot: 924

12:55am
no: 746 yes: 101 ns: 88 tot: 935

12:56am
no: 670 yes: 84 ns: 80 tot: 834

12:57am
no: 721 yes: 99 ns: 85 tot: 905

12:58am
no: 734 yes: 101 ns: 86 tot: 921

the person who leaked it did one mistake (1)

Truekaiser (724672) | more than 7 years ago | (#16543138)

and that mistake is that he/she did not make as many copy's as possible to distribute them to as many journalists as possible. heck i would of done that and put it up on a few Usenet sites.

meanwhile... (3, Interesting)

dangil (167785) | more than 7 years ago | (#16543146)

... in the backwards, barbarous and poor country of Brasil, our elections have been 99% eletronic for the past 9 years, without any hicup... one can imagine that perhaps the monkeys, snakes and tigers are helping us vote somehow...

Re:meanwhile... (1)

NonViviDaSola (1010423) | more than 7 years ago | (#16543302)

How can you be sure that the vote isn't being stolen? The vote only has to be stolen once before an evil individual has the power to manipulate all future votes. It would also be in the victor's interest to make it appear as if votes were not being manipulated.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...