×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

An Open Letter To Diebold

samzenpus posted more than 7 years ago | from the do-things-better dept.

266

jcatcw writes "Computerworld's Rob Mitchell tells Diebold President and CEO Thomas Swidarski how to regain Diebold's reputation instead of throwing in the e-voting towel. He recommends full disclosure of all existing problems, a process for disclosure of future problems, hiring of some real professionals as CTO and as an advisory group, and public testing. 'Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

266 comments

I have made it with a woman. (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#16781165)

Inform the men.

Secure ATMS? Ha! (5, Interesting)

MilesNaismith (951682) | more than 7 years ago | (#16781183)

What makes you think Diebold ATM units are secure? I had a friend who worked in bank software. He said if you knew half of went what on, you'd keep your money buried in jars.

secure ATM ?? (4, Interesting)

Dalec21 (865227) | more than 7 years ago | (#16781189)

ok .. maybe I am way off here .. was Diebold not the one that had all the videos posted of people cracking their ATM ?? [insert sig here]

VVPTs! (3, Insightful)

Anonymous Coward | more than 7 years ago | (#16781201)

They left out what may be IMO the single biggest factor if you're going to have a DRE voting machine: a paper trail!

I don't care if it's open source, audited, proved correct, or whatever, I would probably feel more comfortable with a machine from today plus a printer.

I'm not really holding my breath on this... (5, Insightful)

SeaFox (739806) | more than 7 years ago | (#16781205)

He recommends full disclosure of all existing problems, a process for disclosure of future problems, hiring of some real professionals as CTO and as an advisory group, and public testing.
My recommendations:
  • Make the code simple and open-source.
  • No last minute "patches" being applied by Diebold personnel on election day with no explanation why or review of the code beforehand. The machines should be frozen for most purposes when they're shipped and completely at least 72 hrs before election day.
  • Do a "dry run" of the election equipment to make sure everything is working properly before election day! I keep hearing about what sound like fairly simple problems cropping up at the polls that make you wonder if they do any testing at all on these systems before releasing them.

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence.""
When did they make a secure ATM?

Paper voting trail!!!! (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#16781223)

'nuff said.

-

The customer drives security. (5, Insightful)

Paleolibertarian (930578) | more than 7 years ago | (#16781225)

ATM's are bought by banks. As much a $250,000 can go through one ATM in a weekend. (Maybe more) The banks demand security. Voting machines are purchased by bureaucrats who probably use "password" for their office PC password.

Re:Secure ATMS? Ha! (1)

TheWanderingHermit (513872) | more than 7 years ago | (#16781227)

That was my very first thought. The last sentence ("Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence") assumes that Diebold can make a secure ATM without any proof that they can. I doubt Diebold could secure a system even if it were in a sealed room with no network connections, used only to hold the NOC list, had a pressure sensitive floor around it, was behind a locked door, and had Tom Cruise repellant in the air vent.

I know the answer to this... (5, Funny)

quickpick (1021471) | more than 7 years ago | (#16781233)

Mr. Mitchell: Thank you for your concerns. STFU. I am Swidarski and all your votes belong to us.

But, wait a minute! (5, Funny)

Anonymous Coward | more than 7 years ago | (#16781243)

Someone clue this guy in. The Democrats won this time.

That means there's no problems with Diebold.

Re:Secure ATMS? Ha! (2, Interesting)

arun_s (877518) | more than 7 years ago | (#16781253)

The open letter sounds too idealistic, I can't imagine Diebold doing even half the things there. Looks like their line of thought is pretty clear from the second link:
Siwdarski is already trying to distance the Diebold name from its voting machine business to protect its brand.... the company recently ordered the name "Diebold" removed from the front of the voting equipment. Why? A spokesman would only say, "It was a strategic decision on the part of the corporation."
There's a fat line between what ought to happen and what actually does.

Re:The customer drives security. (1)

Bob54321 (911744) | more than 7 years ago | (#16781259)

probably use "password" for their office PC password

Note to self - must change computer password...

i have to ask (3, Insightful)

blackcoot (124938) | more than 7 years ago | (#16781261)

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence." — has diebold actually made secure ATMs?

Re:Secure ATMS? Ha! (1)

Chris Burke (6130) | more than 7 years ago | (#16781269)

He said if you knew half of went what on, you'd keep your money buried in jars.

And to think people called me a fool...

Now if I could just remember where my jars are buried...

But their voting machines ARE secure (2, Funny)

Anonymous Coward | more than 7 years ago | (#16781271)

But their voting machines ARE secure... the Democrats won!

Re:Secure ATMS? Ha! (0)

Anonymous Coward | more than 7 years ago | (#16781273)

I work in bank software, and I bank with a credit union.

I won't bury my money in jars, but I do think very hard about whether saving it is really worth my time.... Call it my bet on all this crap collapsing eventually.

Easter Egg (4, Funny)

Konster (252488) | more than 7 years ago | (#16781275)

To gain access to root on these machines, enter this code.

Left left left, right, A, A, C, Right, Left.

secure enough (4, Insightful)

Russ Nelson (33911) | more than 7 years ago | (#16781285)

Diebold ATMs aren't "secure"; they are merely secure enough that no further investment should be made in them because the losses are cheaper to accept than the cost of the increased security.

The ugly truth of voting is "lots of votes get flushed". The reason we trust our system of voting now is because we have partisan poll watchers who are making sure that the other party doesn't take liberties. In other words, little old ladies. No, all respect due to little old ladies, but do you think they feel confident being in charge of any kind of new technology? If they're wise, they won't be.

Re:VVPTs! (0)

Anonymous Coward | more than 7 years ago | (#16781295)

What does a paper trail do for us if:

* Election workers throw the paper away or shread it
* Election officials will not investigate
* State prosecuters will not press charges and prosecute
* Unethical laws exist that prevent transperency in the election process
* Unethical laws exist that prevent recounts
* Laws do not exist to ensure ethical and unbiased counts and recounts
* Election laws are not standardized and enforce across all states
* The general public is either too ignorant, nationalistic, or jaded to ensure a transperent and ethical election process

threads are dead (?) (3, Interesting)

arun_s (877518) | more than 7 years ago | (#16781299)

Can somebody puhlease fix the site (or atleast have a notification on the front page if something's being fixed)?
Why's poor /. gone so buggy all of a sudden?
Detailed information is provided by these [slashdot.org] gentlemen [slashdot.org].

ATM Security (3, Insightful)

kg4czo (516374) | more than 7 years ago | (#16781319)

The Fed regulates the security involved with ATM's. Every last detail is laid out, down to the 3DES encryption. Nothing regulates voting machines, and no sign of QA. Diebold didn't care, nor did the beurocrats that signed the damn order to unleash these pieces of shit on our population. Let's hope someone gets sued outta the shitstorm, and things change..... But I'm not holding my breath.

Obligatory (4, Funny)

gsfprez (27403) | more than 7 years ago | (#16781335)

I, for one, welcome our Diebold-provided Republican overlo.... what?

oh. shit.

does that mean we like Diebold now?

at least, there's going to be lawyers crawling all over the place making sure no one got disen... wait? They aren't?

holy shit.. i'm so confused. Fsck politics.

Re:Secure ATMS? Ha! (1)

BeesTea (580793) | more than 7 years ago | (#16781341)

No one insures jars though. Any risk to your money due to poor banking software is imaginary as it's all insured. Just be sure to always keep your deposit slips.

Re:I'm not really holding my breath on this... (1)

Soko (17987) | more than 7 years ago | (#16781353)

Good. How about a few more?

- All hardware should be identical in every conceiveable respect using standard, off the shelf parts. No custom ASICs allowed.
- Any ROMs, PROMs as well as the OS and vote tallying software should be distribuited on a pressed CD, not a burned CD. The MD5 sums of each software package on the manufactured CD should be clearly lablelled on the front, as well as on Diebolds website, along with the MD5 of the CD image.
- The votes taken should be recorded as a plaintext log with appropriate timestamps, not just totals. The log should be sent, along with it's MD5 sum, to each of the candidates after the poll closes, besides the appropriate election officials.
- The machine should print out a paper or mylar result of each voters ballot in a format readable by both humans and machines, with the log entry number and timestamp printed on the completed ballot. This allows the voter to check that the machine recorded thier vote correctly and creates a useful audit trail which can be used in case of disputes easily by being read into another machine to verify the totals, or even hand verifying each ballot against the log from the machine.

I think I could trust that system.

Soko

Re:I'm not really holding my breath on this... (1)

coleblak (863392) | more than 7 years ago | (#16781355)

All well and good but you forgot a very important thing. Outside auditing via trusted sources checking for backdoors/trojans. All it takes is one disgruntled employee with high-level access to the source to make it all that much easier for someone to tamper with the system even if it is locked down.

Re:Easter Egg (0)

Anonymous Coward | more than 7 years ago | (#16781357)

i think what you mean is up, up, down, down, left, right, left, right, b, a. kids these days...

Re:Secure ATMS? Ha! (1)

cpuffer_hammer (31542) | more than 7 years ago | (#16781365)

For banks money is like water is to a water company. As long as the amount lost costs less then fixing the pipes. Don't spend money fixing the pipes. If that water cost more or the results of leaking that water cost more then the pipes would be fixed. For a bank the $500 error is in your checking account is no problem, they spend more on gifts for there executive assistant. You mean it's more than a weeks pay for you. Sorry you should have been more careful with it. Yes you. Do you think it is worth our money to spend a million dollers so your $500 does not get lost. Next you will want free checking.

Diebold IS the problem (1)

bhima (46039) | more than 7 years ago | (#16781371)

The most significant problem here is Diebold itself and polling machine isn't all that hard to design or implement... there are dozens off variations.

I say that due to their involvement in this and the way they've handled problems this is the last group of people US citizens should be trusting with their vote.

Re:I know the answer to this... (0)

Anonymous Coward | more than 7 years ago | (#16781375)

it's "..and all your votes ARE belong to us".

Re:I know the answer to this... (0)

Anonymous Coward | more than 7 years ago | (#16781377)

This is funny, I don't see how it is flamebait?

Why electronic? (5, Insightful)

paulthomas (685756) | more than 7 years ago | (#16781381)

Maybe paper offers a greater degree of transparency than electronic bits. We shouldn't hope for more secure electronic voting machines, but rather a public realization that sometimes "if it ain't broke, don't fix it."

Sure, cryptography, open-source, signed binaries, etc. begin to offer the transparency we need in voting, but at the moment, the expense greatly outweighs any conceivable benefits (what, no need to argue about chads?).

Paper voting works. Distributed counting means less impact from an individual case of polling-place fraud, and the paper record can be stored for a public recount where many eyes can verify the results.

Re:I'm not really holding my breath on this... (1)

labnet (457441) | more than 7 years ago | (#16781385)

All a waste of time unless you have a printer that prints a voting that you can drop into a conventional cardboard ballot box.
Thus you can still manually count per tradtional systems and verify that with the machine count.

As has been said many times here before, I still see nothing wrong with the paper system.

Shouldn't be secret (5, Insightful)

Cracked Pottery (947450) | more than 7 years ago | (#16781387)

The design and source code of the machines should be public information. All of them. There should not be any IR or wireless connectivity. That includes the tabulators. Touch screen voting is slow, dumb and expensive. Complicated elections eat up time. Optically scanned ballots only need a few additional tables to accommodate a heavy turnout. Machine time per ballot is minimal, and the ballots can also be counted by hand.

Surely there are more than enough reasons (5, Insightful)

A beautiful mind (821714) | more than 7 years ago | (#16781399)

...why voting machines can't work:

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence."
ATMs are much easier to make. The ATMs _can_ trust the bank. The user can easily verify if the ATM works or not because they leave a "paper trail" (um hello, if it wouldn't give precisely the amount of cash out that you requested, wouldn't it be a little bit suspicious and wouldn't people have noticed it?).

Voting machines cannot trust neither the user, nor the authorities and to top it off it has to be verifyable to both. In short, a much harder problem.

The requirements to verify the voting process if paper ballots are used: being a non-retarded human being and a small amount of time.
The requirements to verify the voting process if voting machines are used: electrical engineer and programmer proficient in all related languages and access to the source code, months of time verifying the voting machine, then making sure the voting machine used at the election is the same one you verified.

If you look at it from the average person's perspective: in the first case the voting process is transparent for the average person. They understand and if they want, can verify the local process. Paper voting also gives a much better accountability to the overall picture. You generally count the votes locally, then make a official log about it, send the result up in the chain. Then when the overall results are known, you can check the website or whatever to see whether the numbers up on the website about the local results match with your local results you have in your hands. I know that if they didn't it would be found out pretty quickly because at least some people do make this comparison. So now we know that the local results on the website match the local results in the local voting stations. Now you can just simply add up the local results to check the big picture, whether it matches. At least some people will do that, so you can be reasonably certain that the results are pretty accurate, because to tamper with the outcome you would have to modify things on a local level at lots of places simultaneously and since we're talking about paper you'd have to involve a lot of people so we would know about it if someone attempted it.

In the second case, even if you would have the overlapping skill requirements to verify stuff, you still need to have the time and the access. Then, votes are tabulated not at a local level, but a step above, at a regional level, so you reduced the number of places you would have to tamper with in order to skew the voting process. Since it is a complex electronic process which few people understand exactly, you can modify the results involving much less people and can do it in a much more stealthy way. Since it is electronic, carrying out the act on a wholesale level is not a problem for the bad guys. You got to ask the question one time: which is easier: simultaneously manipulating a few tonns of paper scattered across the whole country when they are guarded by thousands of people, or voting machines coming from two main sources, two companies which aren't guarded at all, or to be more precise, people are forbidden to guard them (source code-wise) and even if you would attack not at the source code level, but at the regional counting level, then it's still much easier to tamper with than with paper.

We have to face it: not even an open source voting machine is good enough. It's much easier to simplify the ballots to catch up with the only positive thing voting machines provide, than to design an electronic system capable of transparent, accountable voting. Even if you take a barebones microkernel/firmware voting machine, it is still a hundred thousand(*) times more complex than paper voting.

*I just pulled that number out of my ass, but I think most people underestimate the complexity difference between the two methods.

Why would I want Diebolt to regain its reputation? (5, Insightful)

Project2501a (801271) | more than 7 years ago | (#16781409)

You guys are missing the point:

Given that:
1) the CEO, all of current management, sales and computer programmers who kept their mouths shut, remain in place,
2) the CEO being the same person who pledged to bring the elections over to the Republicans,

what would a solid reason be which would give me ANY, even tiny, reason to put ANY amount of faith, back into Diebolt?

Re:But, wait a minute! (1)

Baricom (763970) | more than 7 years ago | (#16781415)

Someone clue this guy in. The Democrats won this time.
It's not that I'm unhappy about that (I'm absolutely ecstatic) but I really worry that at least some of those races were decided not based on civil unrest, but instead by the Democrats learning to cheat better in the last two years.

The large number of Slashdotters that truly care about the trend our government is following shouldn't let their guard down just because the elections turned out right this time. The past two elections have proved that we have to stay vigilant, even now.

Re:But, wait a minute! (0)

Anonymous Coward | more than 7 years ago | (#16781419)

It only means that Diebold is already under a microscope and does not want to risk being exposed any more. So, they let the Repulicans do all of the other illegal and immoral things, and take the hit that it might not be sucessful as when the election is fixed by them. When the smoke has died down and people are not looking at them as intently, they can go back to their old ways. Also, it makes sense that given a choice between fixing a presidental election and fixing the midterm election, you would want to get your president into office.

Re:Secure ATMS? Ha! (1)

A beautiful mind (821714) | more than 7 years ago | (#16781421)

Yeah, banks regularly get attacked successfully(*). In some cases the attacker is never apprehended. There is a reason why, after all, banks are calculating in their budget with a given financial loss. We're talking about huge sums here, due to electronical fraud. The banks work on minimizing the amount, but it's still only small potatoes for them. In some cases they hire the one who had robbed them, to protect them.

*An ex security administrator from a major bank talked about it at a security conference.

Re:But, wait a minute! (0)

Anonymous Coward | more than 7 years ago | (#16781435)

Not really; Diebold let this slip because they were under scrutiny. Now that we're all convinced that The System Works, they're well-poised to screw us next time.

Welcome to the sausage factory. (1)

Kadin2048 (468275) | more than 7 years ago | (#16781447)

It's called the "sausage factory" effect.

If you knew what went into probably 90% of the products you use daily, you wouldn't want to have anything to do with them. It's obvious that Diebold's voting machines were the Grade D blood sausages of their lineup; made with the shoddiest possible materials in order to extract the maximum possible profits from an unwitting buyer. Their ATMs, I suspect, are a little better; it might not contain all the ears and noses that get tossed into their real cheap crap, but they still might be lax if Freddie on the meat saw sneezes all over it.

Open source voting, and to a larger extent open source software, are like the organic food of the IT world. Nobody's guaranteeing that the end product will taste good, but at least you know what's gone into it. Or if you want to put it another way, it's a sausage factory that anybody can walk into and check out.

Re:The customer drives security. (1)

A beautiful mind (821714) | more than 7 years ago | (#16781449)

It's funny to see how the banks network with each other. They deemed that using an outside company for developing the network and software for the banks cannot be trusted. The company that operates/develops the worldwide financial networking is owned by the world's banks, the percentage of ownership in that company governed by marketshare/financial state of the banks. Those guys in that company are a pretty secretive bunch. The location of the top financial message centers isn't even public. The most thing a layman can know is that there are around 6 to 9 such centers and roughly the continent they are located on.

Re:Secure ATMS? Ha! (1)

notanatheist (581086) | more than 7 years ago | (#16781463)

Honestly, I fear using the newer ATMs that BofA is using. I don't like the idea of getting my money from a box that runs Windows.

test reply (0)

Anonymous Coward | more than 7 years ago | (#16781465)

It seems that Slashdot's not displaying replies properly...

My Open Letter (5, Funny)

Anonymous Coward | more than 7 years ago | (#16781471)

Dear Diebold

After years of absymal performance, the public is understandingly distrustful of both your product and company. Don't fret, the world's expectations for the performance of the entire computer industry are quite low. Products don't even have to be good, just good enough.

So here are a few steps you can take to finally gain voter's confidence:

1. Under no circumstance should you release your source code. I know that earlier revisions have been distributed to the general public, and look at all the trouble that has caused. It is better to remain silent and thought a fool than to speak and remove all doubt.

2. Outsource, nobody ever got fired for outsourcing. Americans will celebrate knowing that many nations came together to build their democracy.

3. Encryption is an overrated buzzword. People love transparency in the democratic process.

4. Paper trails increase the price of an election for taxpayers. So do your patriotic duty and keep costs to a minimum. Besides, if the paper trail and computer result were different, it could create a lot of work and problems for your fine institution.

5. Another method to keep costs down is to minimize luxuries like manuals and support staff. Don't worry, elderly volenteers will learn how to operate and repair these systems with ease.

6. Hire a well known person to oversee my proposed inititives. I recommend Karl Rove, I'll bet he'll even pay you for this privilige.

7. To prove that the public knows that you are running this company for the love of democracy and not money, I'd recommend everyone employed by Diebold to dump their stock before doing anything else I have recommended. To get a fair price, you'll need to know about the status of the company, so build a Diebold Accounting program to count your assests (it shouldn't be too hard to fork your voting software). Remember that it is your corporate duty to release the results to the public.

To ensure that no politican could ever shut you down, claim that you have created many jobs. To bolster your numbers, claim that the dead work for you, if they can vote, why not make 'em work?

See you in 2008,
ac

I think they've got bigger problems (2, Funny)

Kris_J (10111) | more than 7 years ago | (#16781475)

Now that the Democrats control both houses, I think Diebold is looking down the barrel of some serious election tampering charges.

Re:But, wait a minute! (1)

ArcherB (796902) | more than 7 years ago | (#16781477)

Someone clue this guy in. The Democrats won this time.

That means there's no problems with Diebold.


In a few weeks you'll learn that the machines were hacked to make the Democrats win... The surprise will be that they were hacked by Rove to make the Dems look like cheaters so that Jeb Bush can get elected in '08 with Lynn Cheney as a running mate.

I think you need to put your tin-foil hat back on. The rays are getting to you. And get the bong while you are up.

Re:VVPTs! (1)

anagama (611277) | more than 7 years ago | (#16781479)

Why not have the machine print out a human/machine readable ballot (names with bubbles filled next to your choices) and then have an optical scanner read the votes? This gives you a stack of ballots that can be hand counted if necessary. It eliminates people accidentally spoiling ballots (no hanging chads etc.). You don't have to worry about a bunch of votes getting digitally corrupted and being completely unrecoverable. You don't have privacy issues that can occur where an observer keeps track of who goes into the booth and then reviews the printed paper trail (assuming the trail is generated as people vote, it is trivial if tedious to figure out who voted for what/who).

This isn't my idea BTW. I first heard this suggestion on Science Friday interview with Avi Rubin:
http://avirubin.com/ [avirubin.com]
http://www.sciencefriday.com/pages/2006/Oct/hour1_ 102706.html [sciencefriday.com]

Wait, who cares if diebold *can* do it? (4, Insightful)

np_bernstein (453840) | more than 7 years ago | (#16781481)

First off, the United states has MASSIVE Debt right now. Diebold, secure or not, is HUGELY overcharging. There are perfectly good alternatives [openvotingconsortium.org] which are OSS & Free. Now - I like open source, but I have no problem with commercial software. Hell I work at Microsoft. Voting systems are one place where the code should be open. This is one system that should be maintained by the public & the government and not a penny should be exchanged for it.

Now, I'm all for people making a living at developing commercial software. Diebold has smart people and they can figure something out to make a buck. Heck, as far as I'm concerned, if they can meet some standards they could sell the hardware. But - the US Debt per person is $28k each [brillig.com]. Isn't there other things that we could be using the money we're spending on voting machines on? Here's some that I can think of:
  • Balancing the budget
  • Research & Development Grants
  • Education Loans/Grants
  • Small business loans/Grants
  • public financing of elections


Anyway, just $0.02
-n

Re:ATM Security (1)

RAMMS+EIN (578166) | more than 7 years ago | (#16781489)

``Nothing regulates voting machines, and no sign of QA.''

Yes, that's the big problem right there. Obviously, you can't trust companies to make reliable voting machines if you don't specify good requirements that they must meet, and test for compliance.

The same problem exists in the Netherlands, where voting machines were tested and approved, yet later found to be completely insecure, so that there is no assurance at all of a reliable election process in which votes are counted correctly and not snooped upon.

Yesterday, I was told that, in Germany, the government had a voting machine vendor write the requirements that voting machines have to meet. I wasn't told about the quality of these requirements as far as a trustworthy election process goes, but, apparently, the requirements are such that some voting technologies from competing vendors could never meet them.

Re:I'm not really holding my breath on this... (1)

ArcherB (796902) | more than 7 years ago | (#16781491)

My recommendations:

        * Make the code simple and open-source.
        * No last minute "patches" being applied by Diebold personnel on election day with no explanation why or review of the code beforehand. The machines should be frozen for most purposes when they're shipped and completely at least 72 hrs before election day.
        * Do a "dry run" of the election equipment to make sure everything is working properly before election day! I keep hearing about what sound like fairly simple problems cropping up at the polls that make you wonder if they do any testing at all on these systems before releasing them.


I'd be happy if they'd just give me a fuckin receipt, even if I have to leave it a ballot box on my way out just in case there is need for a recount.

Re:threads are dead (?) (0)

Anonymous Coward | more than 7 years ago | (#16781495)

the threads aren't dead they've been raptured

Re:Surely there are more than enough reasons (1)

MadMorf (118601) | more than 7 years ago | (#16781499)

ATMs are much easier to make. The ATMs _can_ trust the bank. The user can easily verify if the ATM works or not because they leave a "paper trail" (um hello, if it wouldn't give precisely the amount of cash out that you requested, wouldn't it be a little bit suspicious and wouldn't people have noticed it?).

I don't disagree with you totally, but ATMs that are not installed in banks are just as secure as those in the bank.

Making the voting machines the same way they make stand-alone ATMs, should go a long way to improving security.

Allowing poll worker access to anything inside the voting machine shell should be a big no-no. Diebold has techs available 24/7 for their banking operations (I should know, I used to be one.) These same techs should handle ALL problems with voting machines and should only be allowed access to the VMs when in the presence of voting officials and Diebold management (also positioned all over the country), just like ATMs. Techs don't get access to the ATM with out a bank manager or 2 armed Wells Fargo guards.

NOT just little old ladies (1)

mrfett (610302) | more than 7 years ago | (#16781505)

you know, things in election day preparation and execution are changing. i volunteered to be an election judge Tuesday in Maryland's infamous Montgomery County, and in the one precinct i was in we had myself and a guy who does IT security for NASA as judges. yes, there were also some elderly folks, but the thing is, there's nothing stopping us geeks from getting involved. the county made a real effort to implement procedures that helped bridge the gaps in security that the machines introduced, and the result was a pretty successful election. it's true that elderly poll workers perhaps aren't the best choice for staffing a country-wide rollout of new technology, so that's why people who give a shit need to get involved. if all geeks are willing to do is submit sensationalist stories to /. making outrageous claims that the sky is falling, then you are only pawns implementing the powerful's plans of voter suppression and intimidation. the fact is, people came out to vote, and their votes were counted. all the hype only served to keep people from coming to the polls, fearing it was a lost cause. it wasn't. these machines are not perfect, but if people with know-how are unwilling to help, and only willing to bitch from the sidelines, they're just as much of the problem as Diebold is.

Re:I'm not really holding my breath on this... (1)

cheater512 (783349) | more than 7 years ago | (#16781509)

72 hours? I'd prefer to be voting on a machine which has been frozen for a month before the elections.
Not too hard to do either since the machines are relatively simple.

Is there any real chance of full disclosure? (4, Interesting)

edwardpickman (965122) | more than 7 years ago | (#16781515)

If there's a hand in the cookie jar full disclosure is highly unlikely. I said before the election was over that if the Democrats won in some of the close states there wouldn't be an inquiry because it might expose attempts to sway the elections by Republicans. With the Senate so close there hasn't been a whisper of opposition. Given how hard the Republicans fight I find it really telling that they aren't claiming fraud by the Democrats. I have a feeling the election wasn't so close but fraud managed to make it close but still couldn't win them the election. There were multiple claims of fraud and election problems on the day but everyone is letting it pass quietly. There needs to be a paper trail and the representatives from each party need to oversee security at every polling place. Even if it means flying Democrats into the deep south to balance things.

think bigger, and simpler (5, Insightful)

pascalpp (684288) | more than 7 years ago | (#16781517)

The problem with electronic voting machines is dwarfed by the problems inherent in the way voting is done in most states. Oregon has been using vote by mail for 10 years and they consistently have higher voter participation than every other state and practically no fraud. What's more, voters are better informed about the candidates and issues they're voting for and have time to research before voting. To learn more, check out: http://www.votebymailproject.org/whyvotebymail.htm l [votebymailproject.org] Electronic voting is cool, especially for a user interface geek like me, but in this case, simpler is better.

Re:Secure ATMS? Ha! (2, Funny)

commodoresloat (172735) | more than 7 years ago | (#16781541)

Oh yeah? Well, I have a friend who posts on slashdot. He said that if you knew half of what went on, you'd keep making claims without any evidence at all!

Re:I think they've got bigger problems (1)

will_die (586523) | more than 7 years ago | (#16781555)

And if there was any truth to the election tampering conspiracies do you think the Democrates would of kept quiet up to now. Not talking about the various main stream democrates blog that talk about electronic tampering and how Bush planted explosives to blow up the towers in NYC, but the ones in congress.
What you will see, and some of the Democrates have said is they will be bring out thier enemies list and going after thoses just for show.

Re:How about starting off with (1)

will_die (586523) | more than 7 years ago | (#16781575)

Like the main competitors of Diebold having members of the Democrate Party as vice presidents and being major supports of the Democrate party in money and time?
How about the first admendment freedom of association?
If the guy did anything to program the machines to change the votes lets have the evidence, otherwise it is just political sour grapes.

Re:secure enough (1)

glwtta (532858) | more than 7 years ago | (#16781577)

making sure that the other party doesn't take liberties

That's odd because both parties have been trying to take my liberties for a long time now. And they are doing pretty well at it, too.

Re:Surely there are more than enough reasons (1)

dfenstrate (202098) | more than 7 years ago | (#16781579)

Honestly I don't see why everyone doesn't use New Hampshire's system.

I don't see how it could get significantly faster, simpler, or even cheaper.

1. A scantron sheet with four columns: Office, Republicans, Democrats, Other/write in.
Fill in the circle next to the guy you want to elect.
Screw up? Just get another sheet.

2. Put it in the machine at the exit. The Votes are instantly tallied and a simple to read paper ballot is right there for checking. No hanging chads. No screens out of sync. Easily Verified. And cheap- two or three machines per polling site.

What's not to love?

Those damn tags! (4, Interesting)

GFree (853379) | more than 7 years ago | (#16781585)

So... many... traps

Is Slashdot infested with mice (or other vermin) to require so many itsatrap tags or what?

Vote by mail is the way to go (1)

bxbaser (252102) | more than 7 years ago | (#16781619)

I think all states sould vote by mail.

On a side note if you want to make $1500 dollars per week just by stuffing envelopes let me know, we dont need any help anymore this year but in november of 2008 we will need workers that live in oregon and hopefully a lot more states by then.

Re:I know the answer to this... (1)

quickpick (1021471) | more than 7 years ago | (#16781631)

Damn keyboard must be hacked...let me check..oh yea...it says Diebol...damn it won't let me type Diebol.d!

There's no way I'd trust any voting computer. (1)

eco2geek (582896) | more than 7 years ago | (#16781637)

It'd be a bit easier to, if the code it ran, as well as the OS it ran on, was open-source, but even so, any computer made to record votes is suspect.

The comparison of a voting computer to an ATM is interesting. ATMs made withdrawing and depositing money without a human bank teller present ubiquitous. But when you use one, you authenticate yourself to the machine, first by having a bank card, and second by inputting a PIN. Your picture is taken. The machines have tamper alarms. The results of using an ATM are instantly verifiable, if you withdraw cash, or almost instantly, if you deposit money, by checking your balance online. With a voting computer, on the other hand, you don't authenticate yourself to the machine (do you really want a "national ID card"? I don't); there's usually no one watching what you're doing while you vote; and there's no way to verify the results (AFAIK, you usually don't get a receipt -- and even if you did, how do you know someone hasn't hacked the machine?). I don't know if these things have tamper alarms, but haven't heard that they do.

In short, there's no reason to throw a high-tech solution at a problem like how to record votes, when existing low(er)-tech solutions do the job just as well, and are less prone to tampering.

Fortunately, my state does vote-by-mail. If any state that's decided to use computerized voting machines has an initiative petition process, I'd encourage the citizens of that state to write a petition to ban their use.

Public votes have no place among corporate persons (4, Insightful)

tykinnison (972246) | more than 7 years ago | (#16781663)

The point, I hope, that does not get dimissed, is that our votes have absolutely no place being counted by private interests. None.

why do they deserve a second chance? (0)

Anonymous Coward | more than 7 years ago | (#16781665)

They have been paid millions upon millions of dollars for this equipment and have made a fortune.

Why should more money be given to them to fix a problem they made?

The government should TAKE the equipment and code they purchased and give it to an open source group to either learn from or scrap entirely and build something better.

Re:Secure ATMS? Ha! (0)

Anonymous Coward | more than 7 years ago | (#16781681)

I happen to work for a company that writes "banking software," (which, incidentally, in 99% of cases, pure banking software has NOTHING to do with actually driving the ATM) as well as software that drives Diebold (and many other) ATMs.

A few things,

0) The vast majority of Diebold ATMs are (still) dumb, which means, they are programmed to do what software tells them, and in most cases the software is limited as to what it can present the ATM with (I.e., write this text on the screen at this position, etc.) Newer Diebold ATMs are using a new Diebold application which was only released a few months ago, which allowes the displaying of web pages with active content, etc. To the best of my knowledge, this is NOT yet available on any Diebold ATM running Diebold software, anywhere in the world. You can, however, emulate other ATMs, and software on a Diebold ATM.
1) If you are talking about physical security, (which you are probably not), An ATM has a safe, which typically is at least 5 inches of solid steel, behind which there are canisters containing cash.
2) The cash in the ATM is not "your" cash, it belongs to the bank. If someone steals it, or manages to commit fraudulent transactions, either with a stolen card, or in some other way compromising the ATM, it is, once again, not your cash being stolen, but the bank's.
3) PINs are encrypted on an ATM directly in the PIN pad, for which a cryptographic (typically TRIPLE DES) key is loaded into the ATM, which is typically unique per ATM. (Unless the bank is stupid, in which case, once again, it has nothing to do with the security of the ATM)
4) Even if a savvy would-be bad guy got access to the administrative functions of an ATM, (which includes loading a new cryptographic key on it), the Cryptogram for that key is loaded on the bank's mainframe or switch, associated with the terminal ID, so that would get him absolutely, squat. The bank's mainframe / switch will decline all transactions on an invalid crypto key.

Therefore, the only way, or the majority of ways, in which an ATM is compromised, is by stealing cardholder information, or by tapping into bugs in some software upstream from the ATM. Which, if you understand how things work, has nothing to do with the security of the ATM.

Disclaimer: I am not affiliated with Diebold in any way except that I am a certified Diebold (amongst others) ATM programmer, so I just happen know how ATMs work. It bugs me when people who don't, make vague, unbacked statements about them.

Re:Secure ATMS? Ha! (1)

jinxidoru (743428) | more than 7 years ago | (#16781705)

So you're saying that my investment strategy is a good one? Awesome! I'm going to go count my jars.

The topic is voting machines (0)

Anonymous Coward | more than 7 years ago | (#16781721)

Here. [slashdot.org]

There's that saying (0)

Anonymous Coward | more than 7 years ago | (#16781723)

"Never attribute to malice what can be adequately explained by incompetence."

However, I don't think Diebold is incompetent here. If you assume they are corrupt and _want_ those flaws to remain in there, such a petition makes absolutely no sense. And I definitely think that's the case here.

Re:Is there any real chance of full disclosure? (0)

Anonymous Coward | more than 7 years ago | (#16781727)

There's zero, zip, nada, nil chance of full disclosure! Full disclosure would be like a crook walking up to a cop and confessing to a crime - sure, it happens once in a while, but not very ghoddamn often. These machines work poorly by design, not by accident. I suspect it's a combination of bad design, poor quality, and deliberate malfeasance.

I've worked in two heavily regulated industries - medical devices (pacemakers, etc) and casino gaming (slot machines & systems). We have to provide the source for our products (which is kept in escrow), along with build instructions, so they can reproduce our binaries. Our software is tested by external testing companies before it can be installed, and the versions installed must match, bitwise, with the versions we provide. In casino gaming, we don't have paper trails for everything, but there are electronic records of most everything, and slot machines even have mechanical counters to track key values like money wagered and money won. We also track users, handle printing and redemption of tickets, and can do all of these things across multiple locations for the same casino chain.

Yes, as another poster pointed out, there are trust issues, but compared to the stuff I've been working on for the past decade, a voting machine is NOT a hard problem to solve. If Diebold had wanted (or needed) to do make a better-quality product, they would have. They were able to get away with A LOT because they were in good with the decision makers. Now that many of those decision makers have been booted, I expect that things could get *very* interesting for Diebold.

Re:Secure ATMS? Ha! (1)

RoffleTheWaffle (916980) | more than 7 years ago | (#16781739)

Just out of curiosity, were there any juicy details he shared with you that would be safe to post here? (Or do you know of any good sources for this information right off the top of your head, preferrably verified news reports?) I'm curious about this... And no, not for criminal reasons.

(In before, "Sure you're not.")

Re:Secure ATMS? Ha! (0)

Anonymous Coward | more than 7 years ago | (#16781755)

He said if you knew half of went what on, you'd keep your money buried in jars.

Who's to say we don't? But then, if I had my money buried in jars, do you think I'd be telling anyone about it?

The topic is voting machines (0)

Anonymous Coward | more than 7 years ago | (#16781771)

Here. [slashdot.org]

Re:Obligatory (1)

Coeurderoy (717228) | more than 7 years ago | (#16781791)

You are not paranoid enough, the democrats needed to win this time so that the republican can offload all the blame onto them and win in 2008.

Re:Surely there are more than enough reasons (1)

tibike77 (611880) | more than 7 years ago | (#16781853)

Actually, extending your reason, you can prove why PHYSICAL presence, completely "secret", one-day-only VOTING IN GENERAL can't work at all.
Or heck, that VOTING itself is useless. Here's how you can infer that.

First of all, either in a "pencil-and-paper only" ballot counting process or in an electronic type of voting, you still have to rely on the fact that the actual physical papers you have there ARE the papers the voters have placed in the box... or in the other case, that the individual vote count is the actual vote count. The tampering is probably harder to pull off in the physical ballot form, but it's still there.
As long as the vote is SECRET (as in, not even you can verify WHAT you were recorded to have voted), you have to place your trust in a "tamperable with" system.
If you do NOT have a secret vote, you can end up with vote sales or even worse, vote cohercion.
Which of the alternatives is worse (trusting but not knowing if your vote was correctly registered vs being able to verify but therefore also not having the safety secrecy offers), now that's up to you to decide. IMHO, both options are lacking, badly. And I can't possibly conceive a system in which both conditions are met (absolutrely no trust needed, always able to verify personal vote, secrecy preserved).

You also have to rely on the fact nobody voted in two (or more) places at the same time, in other words only accept a certain name on a certain list, where people HAVE to be physically present there and only there and identify themselves.
This means two things: you have a huge line-up of people that WANT to vote in certain precints but are physically incapable to (due to long waiting lines, exhaustion or just not enough patience), as opposed to places where people just don't care about voting and precints are nearly empty.
Extending the voting period could mean ample time to allow tampering, allowing voting out of precint can lead to double/multiple votes.
Allowing "mail-in" (or simply internet-based) voting could be as easily tampered with as any other method, just in different ways.

All in all, you reach the conclusion that no matter HOW you vote, your votes CAN be tampered with, no matter how hard you try.
It's only a problem of how willing are you to spend exponentially more money to increase the security of the vote just a little bit (and not even guaranteed to increase the security/accuracy of it).

You're equally better/worse off by simply having representatives (and even the president) elected via a lottery system instead.

Forget Diebold! What about Fox? (0)

Anonymous Coward | more than 7 years ago | (#16781865)

Poor Rupert Murdoch will have no one left to suck up to.

Might I suggest televizing Saddam Hussein's Execution? He killed over a thousand of Kurds after all.

Not like George Bush who only killed 650,000 Iraqis and 2,8000 Americans. Totally different.

There you go Rupert! Whoze ya Daddy now?

Re:But, wait a minute! (1)

h4rm0ny (722443) | more than 7 years ago | (#16781889)


Maybe they would have won more, though. ;) Did you know that the DOW Jones has gone up with the results, in anticipation of a dead-locked government and no big changes ahead? That says a lot?

Irrational company bashing (2, Interesting)

fortinbras47 (457756) | more than 7 years ago | (#16781905)

How much of the criticism of Diebold is legitimate and how much is over the top political grandstanding?

I don't know quite how it happens, but through some process, it becomes in vogue to completely hate and irrationally bash a company. For a while it was cool to hate Nike, but then people got over it. Same with the GAP. (Maybe its the millions they spend on ads.) Now the latest is for all the politicians to bash Walmart. Hillary Clinton returned Walmart's contribution to her campaign "because of serious differences with company practices." She USED to sit on the Walmart board, and it's not like they made some dramatic change in strategy. Academic studies show that Walmart provides the same kind of wages and benefits as other companies in the retail sector, but that doesn't seem to affect the Walmart criticism.

Techy people love to hate Microsoft, sometimes for good reason, but much of the stuff you read on Slashdot is beyond way out there. My impression is that the anti-Microsoft crowd is getting smaller. Nobody seriously talks about breaking Microsoft up into separate companies anymore, even though Microsoft is roughly about as dominant in the OS and office suite market as it has ever been.

PR is expensive, and I guess giving up the vote machine business may be Diebold's only way to get out of the political target sight.

Re:How about starting off with (1)

Xiph (723935) | more than 7 years ago | (#16781913)

(How about starting off with) banning all employees from being affiliated with any political party?


Preventing people from being members of a party would be against the freedom of assembly.
I don't know what it's called, but it's one of the basic freedoms which is in all the basic human rights declarations i remember (french, euro, un (NOT childrens rights)).

I do agree it would be nice to have neutral people make it, but it would be quite unlawful to reject a job application due to partisanship, and even more obviously to fire someone because they joined a political party.
I'm aware that something like this probably happened during the commie-witchhunt, but none of us want to go that way again anyway.

An obvious other way to ensure the same neutrality, would be to have it open to review by anyone who wish to do so. This is why so many are advocating for forcing open source onto voting machines.

Not likely (4, Interesting)

eclectro (227083) | more than 7 years ago | (#16781955)

The same hubris that made them lie on the video in "hacking democracy" will lead them to ignore this letter. I poll watched Tuesday for a couple of hours, and even though there was the veneer of smooth operation here, in actuality there were numerous unseen problems/potential problems.

  • Poll workers were not familiar with the technology. They all know what a computer is, but they don't know what happens inside the computer. Like the difference between "registering a vote" (best for a testable system) versus actual "counting the vote" as the individual Diebold machines do.

  • These machines (unlike the ones in Virginia) do produce a paper tape of the votes. I bet Diebold, being the cheapskates they are, used the same printer used in the ATMs. The printer housing protrudes [windley.com] about 10 inches away from the touchscreen. So when the voter stands at the machine to vote the printer is at the side of the voter so the voter can not see it. I saw only one person watch what was printing, and he had to do this by stepping back from the machine after pressing each selection. Everybody else just ignored what was being printed.

  • There was numerous problems with inserting the voter card into the machine. Even though the voter put the machine in the card, it seemed to occasionally have a hard time accepting it, and it hung up a few people. A small detail, but with thousands of voters vying for a few machines and poll workers needing to attend to it, it has the cumulative effect of making the lines longer.

  • The elderly, handicapped, and infirm all seemed to universally struggled with the machines. While they may normally struggle with any voting, I overheard one person tell her caregiver and these were her exact words "those machines are hard." Her caregiver responded and said "no, those were easy" which brings up the next critical point;

  • Everybody liked the computer touchscreen. We are a nation that for the most part embraces new technology. But because "it's a computer automatically means that it's right" thinking takes over here. I heard many voters say "that's slick" or "that's neat." The public needs to be educated between the difference of "being slick" and "being correct." Election officials that had problems were quick to excuse it as "operating error" and big media inexcusably reported it as such, but clearly there are issues of usability that come into play with these machines. Giving voting machine vendors a pass on this is inexcusable. I think the election officials "defending their purchase" rather than address issues is wrong. And as voters think "Because it's a computer" does not make the machine and software operation and design correct (as any slashdotter will tell you), voting machine vendors should not take advantage of this to ignore problems.

  • I wonder what the durability of the memory cards are. Maybe my fellow slashdotters could enlighten me as to the number of read/write cycles before they go bad. This needs to be a matter of public record. Remember, these cards are facing industrial duty with millions of votes cast. Are they rated for this use or did they get them from CDW? I bet they aren't. This seems like a potentially fatal election killer to me if one of those cards break, either from memory going bad or the physical bending of contact pins in the slot (I have seen that happen with other cards).

  • While we have a paper trail, if there is a recount needed, how hard will it be for the election workers to read the votes in tape form? How long will this take? How accurate will it be, or will the recount only serve to confuse the outcome further or will it clarify it? As can be seen, the political climate is such that a recount happenning is guaranteed. Also, for all those machines without a "paper trail," because a recount is impossible (as it's just a re-tally), they should not be a part of an election system that says it can recount, because it's not by definition. This needs to be politically unaccepatble everywhere.

This all came from just watching for a very little while (from a nonexpert nerd). I can't but help wonder if Diebold has ever done this, and if they have, what they have found. Hiding that from the public is wrong. Though it might not be illegal, an investigation needs to be made here, and laws changed. Which brings me to my final point.

Clearly there was some astroturfing done by some vendors. Rather than address issues, this only adds to the confusion. This indicates the complete lack of needed transparency. Diebold is continuing to exercise "bad faith" rather than owning up to the weaknesses of the system. This not only shows disregard for the vote, but the American people that cast them.

We need to remember that it is WE the taxpayer who has purchased these machines, not an election official, not a politician, and the question we need to ask is if we should be doing business with someone who seemingly spits in our face and scoffs about our concerns for our vote, which is sacred as American blood has been shed to give it to us.

Re:Why would I want Diebolt to regain its reputati (0)

Anonymous Coward | more than 7 years ago | (#16781991)

Because that CEO resigned last year?

Let the Trap Wars Begin Children!! (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#16781993)

I'm tagging everything I see with a "itsatrap" tag with "shutyourtrap". "itsnotatrap" and "!itsatrap" are clearly too indirect.

Really would like to see some more info about tags - how many people must tag the story with a particular tag before it shows up for everyone? i.e. How many people are tagging every single last story with this "itsatrap" nonsense?

Ever heard the story about the little boy who cried wolf? What happens when Bill Gates invites Linus Trovalds over for dinner, but Linus ritually ignores the "itsatrap" tag attached to the headline and ends up brainwashed and wandering around in Prague wondering where his right hand is?

You gonna think it's so funny then? Huh? Huh? Huh?

Go ahead, waste your mod point on this nondeserving AC post... but I'm warning you...

itsatrap, shutyourtrap (Tagging Beta no workie)

Offtopic? No, itsatrap! Now shutyourtrap.

Re:Wait, who cares if diebold *can* do it? (1)

killjoe (766577) | more than 7 years ago | (#16782019)

We already have public financing of elections. It's just that the money is so small it makes more sense to reject public funding and go for the bribes instead.

I don't think there is any solution to this problem. As long as the govt has any power at all over people or commerce people will make sure somebody who will butter their bread are elected. They can either do this by directly bribing the politician like our current system or they can fund efforts on their system like our current system, or they can do both like our current system.

As long as the govt is spreading the money around people will do everything in their power to get some of that.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...