×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Help Black Box Voting Examine ES&S Software

kdawson posted more than 7 years ago | from the ooh-fresh-code dept.

Security 197

Gottesser writes, "Bev Harris of Black Box Voting has asked for the help of the Slashdot community. She would like people to take a look at ES&S's central tabulator software and start reporting on their impressions of it. This is a past release of the software but it is similar to the applications in production. Sorry, no source code." Read on for Bev's request and pointers to the code repositories. Update 23:38 GMT by SM Bev has confirmed that blackbox1.org is indeed owned by BlackBoxVoting making both a comment in the discussion and a post on the front page of blackboxvoting.org to help assuage reader fear/doubt.


From Bev:

"ES&S 'Unity' central tabulator software.

Software stash: three zip files --
http://www.blackbox1.org/ems.zip
http://www.blackbox1.org/un5.zip
http://www.blackbox1.org/Unity.zip

User Manuals for ES&S software can be found here:
http://www.bbvforum s.org/forums/messages/2197/2864.html

This is the ES&S central tabulator software, the ES&S counterpart to the Diebold GEMS central tabulator software. No source code, sorry, and no software for the precinct machines. This is reportedly one generation back, but from what I'm told has significant similarities to the new stuff. I would appreciate it if you can provide me with feedback on your impressions after looking at it. You may want to Slashdot it or whatever.

Best,

Bev Harris
Founder
Black Box Voting

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

197 comments

I won't ask... (1)

Grakun (706100) | more than 7 years ago | (#16827294)

I won't ask where this came from...

Re:I won't ask... (4, Interesting)

Anonymous Coward | more than 7 years ago | (#16827648)

I wonder if the story is legitimate. The domain is "blackbox1.org"... but shouldn't it be "blackboxvoting.org"? Is this story a scam?

I don't see any mention of this on the real blackboxvoting.org site, and blackbox1.org was just registered anonymously a month ago through "Domains by Proxy".

Could this be an attempt to infect thousands of Slashdot users with a trojan? Seems odd to have these binary downloads from an unknown server, with no official attestation... even the user who submitted the story, Gottesser, was created recently and has no real info in the profile.

Re:I won't ask... (2, Insightful)

mackyrae (999347) | more than 7 years ago | (#16827858)

99% of /. is using Linux. Only 1% will be affected.

Re:I won't ask... (1)

chis101 (754167) | more than 7 years ago | (#16828122)

99% may claim to use Linux, but I guarantee you that 99% is not even close to the true figure.

Re:I won't ask... (0)

Anonymous Coward | more than 7 years ago | (#16828196)

Uh, it's called a joke, and it just flew over your head.

Re:I won't ask... (1)

dieth (951868) | more than 7 years ago | (#16828332)

Use Linux to Run VMWare To Run Windows To Run Internet Explorer 7 to Post on Slashdot Press the Magic "revert" button and all the badness goes away.

Re:I won't ask... (1)

Frosty Piss (770223) | more than 7 years ago | (#16828000)

For what it's worth (not much), both blackbox1.org and blackboxvoting.org are hosted at Rackspace...

Re:I won't ask... (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16828172)

I looked a little more, and found more strange information:

blackboxvoting.org = 72.3.135.10
(That ip address reverse resolves to blackboxvoting.org, which is expected.)

blackbox1.org = 72.32.2.234
(That ip address reverse resolves to floridawebmasters.com....)

Checking the floridawebmasters.com site, there's not any useful information. It's either in development, or a scam site placeholder. Maybe the reverse resolution is broken because someone forgot to update the records, or maybe the server was hacked and is just being used to host the files. Or maybe the files are being hosted on an account from digitaleel.com, which seems to have the same owner as floridawebmasters.com.

story is legitimate, I just talked to Bev by phone (4, Informative)

kaan (88626) | more than 7 years ago | (#16828068)

I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone. This is legitimate. I talked to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community. This is really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

Kaan

Re:story is legitimate, I just talked to Bev by ph (3, Insightful)

AJWM (19027) | more than 7 years ago | (#16828148)

So you say. How do we know who you are?

(Nothing personal, just illustrating the chains of trust necessarily involved in any security.)

Thanks for checking. If you really did ;-)

Re:story is legitimate, I just talked to Bev by ph (4, Funny)

DShard (159067) | more than 7 years ago | (#16828706)

I am torn... normally I trust anyone with a lower slashdot ID than myself. But I can't trust both of you.

Re:story is legitimate, I just talked to Bev by ph (1)

kaan (88626) | more than 7 years ago | (#16829052)

So you say. How do we know who you are?

Well, you don't know who I am, and there's not much I can do to earn instant creditibility with you. So I would suggest you go to http://www.blackboxvoting.org/contact.html [blackboxvoting.org] yourself, and call the primary contact number. When I did that, Bev answered the phone herself. It will take about a minute to call and ask a few questions, and if you do call, please post back here. That way, it will be two nameless /. readers who say Bev (and www.blackbox1.org) is legit, not just me. :)

(Nothing personal, just illustrating the chains of trust necessarily involved in any security.)

I completely agree, as far as you know, I'm just some guy with a low uid.

Thanks for checking. If you really did ;-)

I did, and you're welcome. :)

Re:I won't ask... (1)

From A Far Away Land (930780) | more than 7 years ago | (#16827872)

It's fine to demonstrate to government officials why they are being defrauded by companies into accepting electronic voting and tabulation. It's a bit of a red herring though, because the issue would be moot if we demonstrated to electors and elections officials how insane it is to rely on invisible bits to decide elections when the pencil and paper method is extremely hard to corrupt in a First World country like the USA.

I commend Slashdot's earlier efforts [abandonedstuff.com] on defeating Diebold. Now we have to take this information to the people who have the power to just say no to elecronic voting. And those people don't appear to be the millions of minority-race, elderly, and average electors who are disenfranchised by them.

Hi, I'm Bev Harris. There's nothing fishy here. (5, Informative)

Bev Harris at BlackB (1026740) | more than 7 years ago | (#16828208)

Our domain, blackboxvoting.org (and the forums, on bbvforums.org, and the document archives, on bbvdocs.org) are on one server. These ES&S program files are on another server entirely because they are quite large and would slow down our blackboxvoting.org site.

I won't say where they came from. I've checked them out to the extent possible, and they appear to be the real thing. In any situation like this you have to consider that the software might have changed significantly, or that someone could have left a honey pot out there, but I don't think this is a honey pot, not going to publish why on an Internet site. There is a good possibility that current versions have significant changes. Looking over these files should tell us a lot about how the ES&S programmers think, programming styles, etc. I haven't had time to look at the files at all, and I'm not a programmer. This program is designed to run on Windows, according to the user manuals, so I imagine you can just install it and start tinkering, as we did with the Diebold GEMS program. Some of the material refers to "Aero," which is definitely an older version that grew into the Unity program.

No source code was provided (no source code was provided for the Diebold GEMS program, either, remember). The software is only for the election management system/central tally system, and we have so far been unable to get programs for the precinct-based individual voting machines, nor for the ES&S equivalent of the memory card, which they call the "PEB".

Black Box Voting is receiving very credible reports of ES&S meltdowns in several states, though they always seem to have a temporary technician around to promise everyone their vote was not lost. Hard to explain, of course, since 18,000 votes are missing in action right now in Sarasota Florida, with about 300 votes separating the candidates for a U.S. House of Representatives race.

We are getting reports of ES&S anomalies from BOTH political parties.

If anyone has any questions, you can e-mail me at the e-mail address on the blackboxvoting.org Web site.

Best,

Bev Harris
Founder
Black Box Voting

Re:Hi, I'm Bev Harris. There's nothing fishy here. (5, Insightful)

Anonymous Coward | more than 7 years ago | (#16828436)

Hopefully you are Bev Harris, but you see that there's no way for us to know. I could create a Slashdot account claiming to be Elvis, and nobody could verify whether the King had truly returned.

It would help significantly if there were a post either on the home page of blackboxvoting.org, or in the bbvforums.org forums under your name. This way there would be some credible record that this information did truly come from Bev Harris.

Open that source up! (-1, Troll)

wiz31337 (154231) | more than 7 years ago | (#16827350)

Having the Slashdot community look at front-end of the software is not going to do much good. We can tell you that the buttons look bad, or text is too hard to read. Beyond that, we can't tell you where the exact problems are. Open up your source code and let us poke around a little bit, and then we'll show you where your real problems are hiding.

If BlackBox is worried about people saving a list of exploits for a zero-day attack they can put their software through a strict accreditation process before they reveal their final release.

Re:Open that source up! (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16827408)

BlackBox is concerned with the closed nature of electronic voting systems. The software linked to is not created by BlackBox. They are non-technical people concerned with the state of eVoting in the US. They are trying to get technical people to look at some of the code and show it for the crap that it probably is.

Re:Open that source up! (1)

UdoKeir (239957) | more than 7 years ago | (#16827420)

Umm, this isn't BlackBox's software. BlackBox.org don't make voting machines. If anything, they oppose them.

Re:Open that source up! (1)

FunWithKnives (775464) | more than 7 years ago | (#16827458)

If BlackBox is worried about people saving a list of exploits for a zero-day attack they can put their software through a strict accreditation process before they reveal their final release.

Actually, BlackBoxVoting.org [blackboxvoting.org] is an organization that is fighting for change in electronic voting systems. ES&S [essvote.com] is the company in question. I agree with what you're saying, but I think you got a little mixed up there. :P

Re:Open that source up! (1)

wiz31337 (154231) | more than 7 years ago | (#16827568)

Actually, I subconsciously knew that, I was just frantically typing to get first post. I got caught up in the heat of the moment. Sorry fellow /.'ers. I meant to say ES&S not BlackBox, my bad.

bahaha (1)

thejrwr (1024073) | more than 7 years ago | (#16827362)

real smart, i hope his serves can handle the slashdot effect of huge PDFs being downloaded 1 million times

Don't bother (4, Insightful)

jrivar59 (146428) | more than 7 years ago | (#16827366)

I would argue that examining this software is counter productive, and not a good use of resources.

The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.

Re:Don't bother (2, Insightful)

CastrTroy (595695) | more than 7 years ago | (#16827444)

How does open source software help voting machines anyway. I mean, how do you prove that the code that's released and analyzed is actually the code loaded onto the thousands (or more) of voting machines around the country? There's too little transparency with computerized voting. I don't care how many people have verified the code is secure, because nobody will be verifying that the code on every voting machine is the code it's supposed to be. It's much easier to just use hand counted paper ballots.

Re:Don't bother (3, Insightful)

SkunkPussy (85271) | more than 7 years ago | (#16827622)

If you know the source code of the software (including build options etc), and the compiler/linker versions that have been used to build it, it will be possible to prove whether or not the binary code on the machine was generated from the source code in front of you.
To be more precise, you will be able to prove that the source code in front of you combined with those compiler/linker options generates the same binaries as exist on the machine. If your compilation does not generate the exact same binaries, then someone has some explaining to do.
This is the advantage of OSS voting code - it allows independent verification of the process without requiring a huge amount of trust to be invested in any stage of the process.

Re:Don't bother (1)

Smidge204 (605297) | more than 7 years ago | (#16827814)

But would you be able to prove that the binary that is actually being used is the one made from the public source? You could even install the software yourself but that doesn't mean someone can't sneak in their own version and hide it.

That's what the parent was saying - can you guarantee that the public source code is actually used at the time the votes are tallied? Verifying binaries is not enough.
=Smidge=

Re:Don't bother (2, Insightful)

CastrTroy (595695) | more than 7 years ago | (#16828138)

My sibling poster seems to have gotten the point. You can verify 1 executable, but you can't verify all the executables, on all the voting machines. This is a significant problem, because someone has physical access to those machines. Think about game consoles. We've all seen what happens when you put a mod chip in a unit that was once thought only to run specific signed software. The point is, is that you can get these voting machines to run any software you like, and there's nothing guaranteeing you that when you walk up to that machine on election day, that it will be running the correct software.

Re:Don't bother (3, Insightful)

Chris Burke (6130) | more than 7 years ago | (#16827574)

True, and I'll go further. Trying to examine the software for flaws makes it sound as though evident flaws in the software are the problem with the current crop of voting machines. They are not. The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

Software is an illusion. You, as in a non-employee of an electronic voting firm, will never be able to prove that whatever software you audit and trust is actually running on the machine. You will never be able to guarantee that there isn't malicious code in the machine. You will never be able to prove it has no bugs. You will never be able to prove that it actually stored your vote in its internal memory exactly as you recorded it.

However, you can be sure that a printed ballot has correctly recorded your vote, because you can read it.

Give me a printed paper ballot, and I won't need to check the software for bugs. If it prints my ballot correctly, it's good enough. If it screws up, it's buggy. That easy.

Re:Don't bother (1)

broller (74249) | more than 7 years ago | (#16828282)

Give me a printed paper ballot, and I won't need to check the software for bugs. If it prints my ballot correctly, it's good enough. If it screws up, it's buggy. That easy.

That's not exactly true. I could create a machine that prints a ballot that shows whatever voting choices you made, and internally it records whatever voting choices that I made. The "Hacking Democracy" documentary about Black Box Voting shows that it is already possible to change votes in the machine while printing a paper summary that looks legit (with different results).

Re:Don't bother (4, Insightful)

Chris Burke (6130) | more than 7 years ago | (#16828408)

From my first post, emphasis added: The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

I'm not talking about a paper summary, I'm talking about a paper ballot.

That's the point. You can do whatever the hell you want inside the machine, perform whatever trickery you want, but if it prints a ballot with the choices I made on it, then that is all that matters and your trickery was for naught.

Anticipating the next question of "why electronic voting at all then?", the answer is the same reason we moved to it in the first place: preventing poorly formatted ballots from causing invalid votes, and for accessibility reasons.

Re:Don't bother (1)

geoffspear (692508) | more than 7 years ago | (#16828416)

GP said: The problem with the current crop of voting machines is that they do not produce a paper ballot that is the actual counted ballot.

If they count the paper ballots, it doesn't matter what the machine is recording internally.

I'd go so far as to say that it might be enough to just count some of the paper ballots, at random, to make sure they match what the electronic records say they should. If not, recount all of the paper and throw out the electronic records. And start indicting (and/or summarily executing; your standards for how draconian society should be over blatant manipulation of voting should be may vary) executives from voting machine companies.

Re:Don't bother (0)

Anonymous Coward | more than 7 years ago | (#16828524)

So you save the voter-verified printed ballots in a traditional ballot box, and if anything looks fishy, THOSE are manually recounted. Better yet, a small number of precincts are randomly selected for a manual recount in any case.

Re:Don't bother (1)

Aceticon (140883) | more than 7 years ago | (#16827646)


I would argue that examining this software is counter productive, and not a good use of resources.

The fact that it is closed and "secret" is offensive enough on its own to protest for change. If democratic election is not the most obvious case for open source (and open hardware), then nothing is.


Agreed - this is very much a case of a social problem, not a technical problem.

Either the source code should be open sourced or the source code should be checked by and independent, technical-savy third party.

Throwing enormous amounts of manhours into first understanding how the hardware works (yes, you first have to read the docs on the hardware just to figure out the CPU used, not to mention the peripherals - and i even haven't checked if enough info is available on things such as where in the I/O addressing space is each peripheral) and then disassembling and understanding low level assembly code of one specific version of the program (and of the hardware itself) is an enormous waste of time.

Even if somebody does find out something fishy, the manufacturer can always claim it was a bug and they fixed it already in a newer version. What would you do then, get some slashdoters spending a lot of time again examining the new version????

Still, this being /. there probably is some nutter^W^W^W^W^W^Wperson out there with a knowledge of embedded systems and assembly, an irrisitible urge to tackle impossible challenges and enough time on his/her hands to do it - just don't expect any sort of timelly response or good documentation ;)

Re:Don't bother (5, Insightful)

daveschroeder (516195) | more than 7 years ago | (#16827650)

Why aren't we simply fighting for a permanent voter-verified paper trail, instead of always saddling every e-voting initiative with demands that EVERYTHING, hardware and software, be open source?

Don't get me wrong: I'm not saying it's not a good idea.

What I'm saying is this: since, even if recounts must be requested every time, a permanent voter-verified paper trail (and a true comprehensive system with regular audits and comparisons between paper vote counts and tabulations) solves almost everything, why are we instead trying to essentially unseat established, commercial enterprise e-voting vendors?

Wouldn't a more productive approach be to simply get a paper trail into place, since even an open source system is almost as worthless without one?

Keep in mind, too, that an open source system still needs to go through complex certification processes and code freezing just like the commercial products do. Even though the commercial products aren't "open source", the certification process allows for the necessary level of inspections by election agencies and external entities. The problem was the certification procedures being routinely ignored or bypassed for convenience, something that can just as easily happen with an "open source" solution.

The problem is that doing an electronic, anonymous, secret ballot that also exists in a system that attempts to enforce one-vote-per-person, combined with all the complexities and vagaries of local municipal and county systems is a lot harder than doing a vertically integrated system for one corporate customer (such as a bank).

Keep in mind, too, that much of the legislation (such as the Help America Vote Act) that essentially mandated e-voting in the hopes of ensuring uniform access to modern voting equipment was done in response to complaints about unfairness and inconsistency with manual systems in the 2000 elections, and not just in Florida. The one critical error was not explicitly recognizing that an electronic secret ballot is a hard thing to do, even without corruption, fraud, and incompetence, and a paper trail wasn't specifically mandated. And no, that wasn't by design. It was an error of omission.

Now, states, counties and municipalities have had to shell out hundreds of thousands, and sometimes millions, more dollars to add and retrofit certified paper trail functionality to existing systems (which, indeed, many are doing). But all e-voting vendors offer it. It just costs a lot of money.

So instead of trying to push out enterprise vendors with multi-million dollar contracts (which is essentially what demanding "all open source" would do, since no commercial vendor is going to open up ALL of their software and hardware code and designs), why not just work to get a permanent voter-verified paper trail in place in as many places as possible as soon as possible, perhaps even mandating it via legislation, since that will be required no matter what system is implemented?

What's more important: the egos of the people who have a vendetta against Diebold, Sequoia, and ES&S, or actually getting a mechanism into place as quickly as possible that guarantees votes will be accurately cast and counted (and at a minimum immediately shows if there is a problem? (And yes, I DO expect the burden of actually looking at the piece of paper to verify that it's correct to fall on the person who is voting.)

Re:Don't bother -- excellent point for paper audit (3, Interesting)

irenaeous (898337) | more than 7 years ago | (#16827896)

Very good point. I hope you get modded up.

The State of California now requires a paper audit trail. I asked a friend of mine who works as a poll worker volunteer about the system used in Orange County, California. She gave me a detailed and intelligent response with specific information on how it works now. I posted these under another article, but it didn't the attention that I thought her remarks merited. I am also interested in any responses to them.

The "OC" uses voting machines with a paper audit trail system developed by Hart-Intercivic [harintercivic.com].

Here is what my friend had to say:

The current electronic voting machines consist of a Judge's Booth Controller (JBC) & a daisy chain of (usually) 8 electronic voting screens w/Voted Paper Audit Transaction Systems (VPATS). The JBC governs all of the screens, but is not connected to any VPATS, each of which is independent to its own voting screen. The entire system is completely self-contained -- it does not hook into any other computer system. It only hooks into the wall plug to give it power.

The first voter (a non-volunteering, random citizen who just happens to be first in line) signs the OPEN POLLS paper tape that verifies that no votes have been cast on the JBC for that election. Each voter is given a temporary access code that allows him/her to vote on an assigned electronic screen. The number is randomly assigned by the JBC volunteer & has no connection to the voter's identity. It expires as soon as the voter casts his/her ballot and/or a brief period of time elapses with no voting activity on the electronic screen. The voter enters his/her access code, then chooses his/her vote for each candidate/race on the electronic screen. When he/she is finished choosing, a review screen displays all of the choices & prints the same review on the attached VPAT, which the voter can see, but cannot touch (it is sealed inside the VPAT machine). When the voter verifies that this is his/her correctly voted ballot, the ballot is cast electronically & is reprinted on the VPAT (again, the voter can read it, but cannot access it).

No poll worker can access the VPATS (actually for the duration of the election & counting, neither can a ROV employee), nor can they change the electronic screen. If the voter makes a mistake, the entire ballot must be cancelled & the voter must start again. Once the voting day is finished, & the JBC prints out an additional summary of all the votes cast during the day at that polling place, everything is turned back into the ROV (through a system of manual labor all done by community volunteers, supervised by a ROV employee). The VPATS go to one location. The printed JBC summaries (beginning & ending) go to another location. The JBC goes to a third location. All votes are tallied (by a mixed group of employees & community volunteers) in each of the 3 locations, & compared. If there are discrepancies, the VPAT tally is generally preferred first, then the JBC printed summary, then the JBC electronic count. (There could be legitimate reasons to change the ranking, but I don't know what those are. They are printed out & available to the public.)

About absentee ballots (which I am using this time since we are working a polling place not near our own precinct) -- once they reach the Registrar of Voter's (ROV) office, the unopened envelope is recorded so that you cannot vote again by showing up at the polls, & then it is transferred to a completely different office before it is ever opened. The different office has no access to the list of registered voters. There the envelope is opened & the ballot is taken out & separated from the envelope. All the envelopes are isolated elsewhere, the ballots are bundled together & transferred to a different office, where they are counted by non-employee community citizen volunteers like me.

Personally, I have no confidence in any system without the paper audit trail requirements, and none in Diebold in particular.

Re:Don't bother (1)

lcde (575627) | more than 7 years ago | (#16828104)

Contact your representative and support the Paper Ballot Act of 2006 [theorator.com].

Requires the use of paper ballots for Presidential races.

Re:Don't bother (1)

geoffspear (692508) | more than 7 years ago | (#16828610)

Wow. Looking into that bill on Thomas, I found a ton of other bills titled something to the effect (like the one you reference above) of "To amend the Help America Vote Act to require voter-verified paper ballots and for other purposes", one of which, HR 939, was last seen when it was being referred to the subcommittee on Crime, Terrorism, and Homeland Security. I didn't read the full text of the legislation, but from the summary it had nothing to do with any of those 3 things. Was this a message from the leadership of the committee that anyone who wants to reform elections is a terrorist?

Is this legal? (1)

ubersonic (943362) | more than 7 years ago | (#16827378)

I'm really wondering how legal it is to post commercial software to the web.

As far as I know this executables are copyrighted and someone will get into a lot of troubles for posting them.

Also note, why is this blackbox1.org and not blackboxvoting.org?

Legit? (2, Insightful)

Khammurabi (962376) | more than 7 years ago | (#16827430)

Please say someone at Slashdot verified this post with the people at Blackbox voting, and didn't unwittingly just fall for someone's email or post to get the organization in trouble.

Re:Legit? (1)

mzs (595629) | more than 7 years ago | (#16827852)

It is hard to tell for sure since blackbox1 and bbvforums are both using Domains by Proxy. It is possible that someone else registered blackbox1 using DomainsByProxy for the whois info. There are links from blackboxvoting to bbvforums, but o links to blackbox1.

Legit? Yes (4, Informative)

kaan (88626) | more than 7 years ago | (#16827956)

I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone.

I spoke to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community.

This is not a phishing scam, it's really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

Oh, and yes, I'm posting this same comment in reply to all of the "is this real?" comments... Moderators: please do not mod me down without calling them yourself (go to blackboxvoting.org for phone number).

Kaan

Re:Legit? Yes (1)

Odin's Raven (145278) | more than 7 years ago | (#16828498)

Appreciate the thought and effort, kaan, but folks are still in the position of accepting one stranger's (your) word to confirm another stranger's (Gottesser's) claim that a site we can't directly verify (blackbox1.org) is truly being run by BBV.

If someone from BBV happens to be monitoring /. - a stronger confirmation might be if there were an announcement on the blackboxvoting.org homepage by Bev stating that the /. story is accurate, and containing links to the files on blackbox1.org (to further confirm that the files are known to BBV). Bonus points if the confirmation notice on BBV contains checksums for the files on blackbox1.org, so that people can feel more confident that whatever they've downloaded matches the files that BBV uploaded to blackbox1.org. (Basic idea being that a blackhat trying to alter the downloads would have to take over both the main BBV website and blackbox1.org, otherwise the downloads and checksums wouldn't match.)

Mod parent up. (1, Informative)

CyberVenom (697959) | more than 7 years ago | (#16827494)

There is something odd going on here.
blackboxvoting.org is indeed registered to Bev Harris, but blackbox1.org is registered to "Registration Private" by "Domains by Proxy".

They are on the same server though (1)

ben there... (946946) | more than 7 years ago | (#16827774)

Answer records
blackbox1.org    1    NS    ns.rackspace.com    86339s
blackbox1.org    1    NS    ns2.rackspace.com    86339s

Additional records
ns.rackspace.com    1    A    69.20.95.4    159770s
ns2.rackspace.com    1    A    65.61.188.4    159770s

Answer records
blackboxvoting.org    1    NS    ns.rackspace.com    86258s
blackboxvoting.org    1    NS    ns2.rackspace.com    86258s

Additional records
ns.rackspace.com    1    A    69.20.95.4    159721s
ns2.rackspace.com    1    A    65.61.188.4    159721s

Re:They are NOT on the same server (1)

TheSpoom (715771) | more than 7 years ago | (#16827870)

C:\Documents and Settings\Jamie>nslookup blackbox1.org
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.1

Non-authoritative answer:
Name: blackbox1.org
Address: 72.32.2.234

C:\Documents and Settings\Jamie>nslookup blackboxvoting.org
*** Can't find server name for address 192.168.0.1: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.0.1

Non-authoritative answer:
Name: blackboxvoting.org
Address: 72.3.135.10

They are not on the same server, they are just both hosted by Rackspace. It would be easy for someone to setup a server on the same host to make it look like they were the same organization.

Re:They are NOT on the same server (1)

ben there... (946946) | more than 7 years ago | (#16827946)

Yea you're right. I was just about to post a followup. The traceroute for blackbox1.org leads to floridawebmasters.com, unlike blackboxvoting.org. Black Box Voting is based in Renton, WA.

TraceRoute to 72.32.2.234 [blackbox1.org]
Hop    (ms)    (ms)    (ms)        IP Address    Host name
1    1    0    0        x
2    0    0    0        x
3    0    0    0        x
4    1    0    1        38.99.206.177    -
5    1    1    1        66.28.64.65    g10-3-0.core01.iah01.atlas.cogentco.com
6    10    6    6        66.28.4.97    p5-0.core01.dfw01.atlas.cogentco.com
7    7    Timed out    6        154.54.2.94    t3-1.mpd01.dfw01.atlas.cogentco.com
8    8    6    6        154.54.6.66    t4-4.mpd01.dfw03.atlas.cogentco.com
9    7    6    7        154.54.11.194    verio.dfw03.atlas.cogentco.com
10    7    7    7        129.250.3.226    xe-4-1.r03.dllstx09.us.bb.gin.ntt.net
11    7    7    8        157.238.225.58    d1-4-0-21.a12.dllstx01.us.ce.verio.net
12    7    7    7        72.3.128.21    vlan901.core1.dfw1.rackspace.com
13    7    7    7        72.3.129.11    aggr3a.dfw1.rackspace.net
14    7    7    7        72.32.2.234    floridawebmasters.com

Re:They are on the same server though (1)

ubersonic (943362) | more than 7 years ago | (#16827930)

A friend of mine downloaded the files and ran them through a virus scanner. Sure if this is a new trojan/virus it would most likely not find anything. But there are 10370 files in those 3 zips and many names seem to imply its indeed the GEMS software.

Thought I'm still certain Diebold has a copyright on those files and providing them for download might get someone into deep troubles. - Yes even if Diebold has accidently released them via their FTP server*, its still illegal to redistribute.

* As mentioned in hacking democracy Hacking Democracy [google.com]

Re:They are on the same server though (1)

refitman (958341) | more than 7 years ago | (#16828546)

From post #16828208 [slashdot.org]:

Our domain, blackboxvoting.org (and the forums, on bbvforums.org, and the document archives, on bbvdocs.org) are on one server. These ES&S program files are on another server entirely because they are quite large and would slow down our blackboxvoting.org site.

I won't say where they came from. I've checked them out to the extent possible, and they appear to be the real thing. In any situation like this you have to consider that the software might have changed significantly, or that someone could have left a honey pot out there, but I don't think this is a honey pot, not going to publish why on an Internet site. There is a good possibility that current versions have significant changes. Looking over these files should tell us a lot about how the ES&S programmers think, programming styles, etc. I haven't had time to look at the files at all, and I'm not a programmer. This program is designed to run on Windows, according to the user manuals, so I imagine you can just install it and start tinkering, as we did with the Diebold GEMS program. Some of the material refers to "Aero," which is definitely an older version that grew into the Unity program.

No source code was provided (no source code was provided for the Diebold GEMS program, either, remember). The software is only for the election management system/central tally system, and we have so far been unable to get programs for the precinct-based individual voting machines, nor for the ES&S equivalent of the memory card, which they call the "PEB".

Black Box Voting is receiving very credible reports of ES&S meltdowns in several states, though they always seem to have a temporary technician around to promise everyone their vote was not lost. Hard to explain, of course, since 18,000 votes are missing in action right now in Sarasota Florida, with about 300 votes separating the candidates for a U.S. House of Representatives race.

We are getting reports of ES&S anomalies from BOTH political parties.

If anyone has any questions, you can e-mail me at the e-mail address on the blackboxvoting.org Web site.

Best,

Bev Harris

Founder Black Box Voting

Re:Mod parent up. (0)

Anonymous Coward | more than 7 years ago | (#16827884)

Domains by Proxy is a shady service offered by GoDaddy to subvert the intent of the ICANN rules regarding domain registration. Surprising that ICANN allows it and makes one wonder how certain companies obtain such loophole$.

Slashdot phishing? (1)

MyNymWasTaken (879908) | more than 7 years ago | (#16827628)

"Run these executables and report what you think about them; sorry, source code." ... and the links provided are *not* from the organization being represented.

Did anybody fall for this ploy and actually download and run those executables?

Re:Slashdot phishing? (1)

joe 155 (937621) | more than 7 years ago | (#16827702)

I think that this might be a little dodgy too, but I won't install anything unless it comes in open-source and at least one person I trust - or me for very simple programs - has looked over the source code. Practically for me this means all my software comes through yum via the fedora repos.

I'm a little disapointed that /. has encouraged people to do this which is suspicious at best

this is legitimate, it's not phishing (1, Redundant)

kaan (88626) | more than 7 years ago | (#16827898)

I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone.

I spoke to her for about 5 minutes, explained that an article showed up on /. and there were questions about its authenticity. She said it was legit, they set up a new domain name so they don't hammer their primary server (they've gotten a ton of traffic lately). She said she could not disclose where she obtained the executable code, but that it was real software and she wanted feedback from the slashdot community.

This is not a phishing scam, it's really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

Kaan

Re:this is legitimate, it's not phishing (1)

joe 155 (937621) | more than 7 years ago | (#16828054)

Well, its obviously not practical for us all to do this, and with such a low UID it seems like I can trust you. In any case;

1) How is this software legal to distribute in the way that it is being done? Can she supply information about why it is legal, even i she won't say where it came from?
2) Even if it is legal for us to download it and posses it, how can we usefully examine the software unless hack it it in such a way which will probably break the DMCA (or other laws)

If she won't say where she got it from then I'm going to assume that it is illegal. Also if this is illegal then isn't /. now also guilty under the DMCA, and possibly other laws?

Re:this is legitimate, it's not phishing (2, Informative)

kaan (88626) | more than 7 years ago | (#16828284)

1) How is this software legal to distribute in the way that it is being done? Can she supply information about why it is legal, even i she won't say where it came from?

I asked Bev the same thing, she didn't want to say very much about it. So I'll add my own commentary: legality aside, if you piss off somebody big enough, they will find a way to shut you down, no matter what. Black Box Voting has had problems with this in the past (as explained in Hacking Democracy, where Bev originally found Diebold's Gems software on a public ftp server, her website was shut down, but not before many others had downloaded the contents).

2) Even if it is legal for us to download it and posses it, how can we usefully examine the software unless hack it it in such a way which will probably break the DMCA (or other laws)

Good question. The answer is, "you probably can't". The DMCA probably applies here, and probably says it's illegal for us to even discuss their proprietary software. I suggested to Bev that she try to participate in the discussion on /. because there are going to be some tough questions, especially when the initial comments are, "this whole thing looks bogus".

If she won't say where she got it from then I'm going to assume that it is illegal. Also if this is illegal then isn't /. now also guilty under the DMCA, and possibly other laws?

I can't disagree with you. Bev said she could not disclose anything about where it came from, because it would likely reveal who it came from, and she couldn't do that. I don't know what to tell you. The DMCA probably applies, and that's just something you'll have to decide on your own.

I would further suggest that you consider whether voting software for public elections should be so secret as to be hidden behind a generic law such as the DMCA. That's really the issue here - everything about electronic voting is a secret, and her organization is trying to expose that.

Kaan

Re:Is this legal? (0)

Anonymous Coward | more than 7 years ago | (#16827950)

ems.zip
fhill503.rpt
Well it looks like it came from deep in the heart of TEXAS!

GENERAL ELECTION OF OFFICIALS RPT0010 000033 CITY OF FOREST HILL, TEXAS MAY 3, 2003 123BALLOTS COUNTED - TOTAL RMAYOR RPT0030 000214JAMES L. GOSEY 000314MALINDA MILLER RPT0040001001000600482005000022COUNCILMEMBER, PLACE 4 000618GLADYS M. HARDEMAN RPT0050 000708WRITE-IN

Re:Is this legal? (1)

pegr (46683) | more than 7 years ago | (#16828662)

As far as I know this executables are copyrighted and someone will get into a lot of troubles for posting them.
 
I download copyrighted software from the web all the time. Most recently, it was the Fedora linux distro and that contains copyrighted code from thousands of copyright holders!
 
As for this particular bit of code, I'd say a strong defense is "compelling public interest". It's not like the copyright holder can demonstrate damages (like we could use the code to sell voting machines...). On the other hand, bogus code could be very damaging to the copyright holder, but then that just reenforces the compelling public interest now doesn't it!

Dont Help BBV (-1, Troll)

jeramybsmith (608791) | more than 7 years ago | (#16827460)

There are legitimate evoting orgs out there. Help one of them. DemocratUnderground exposed Bev Harris as a phony a long time ago. Her people regularly astroturf here. Here is some of Bev Harris' latest kookery. Find a legitimate evoting org and help them instead.
By the way: the scientific community has been complicit in cover-ups of the truth, and makes errors -- as you just did when you asserted that VoteHere code did not need to be stolen because it was public, without doing your homework on the dates or running a simple media search. RABA technologies head Michael Wertheimer withheld crucial information from his report, supposedly because he was told to by Diebold lobbyists and people in Lamone's office. Scientists have yet to acknowledge the very real and continuing issues with GEMS, WinEDS and the other central tabulating programs. To say that Black Box Voting has a "reputation" for making assertions is an elitist bit pushed by the scientists and their followers. You just made an assertion, about VoteHere. The scientists have made several incorrect assertions -- at one point, one of the very well known ones tried to get Hursti to CHANGE HIS REPORT so as not to expose an incorrect assertion this guy had been making.

Re:Dont Help BBV (1)

Nasarius (593729) | more than 7 years ago | (#16827522)

DemocratUnderground

Ah, another Republican so bumfuzzled by the English language that they don't understand the difference between an adjective and a noun. Can't you at least get the proper name of a website right?

Re:Dont Help BBV (1)

jeramybsmith (608791) | more than 7 years ago | (#16827722)

Pardon me, DemocraticUnderground. Or DU for short. Happy?

http://journals.democraticunderground.com/Kelvin%2 0Mace/2 [democratic...ground.com]

Re:Dont Help BBV (0)

Anonymous Coward | more than 7 years ago | (#16828034)

Whats the deal with Republicans always trying to call the Democratic party the 'Democrat Party' and then acting like it's a mistake?
How can anyone ever get into a real debate when we're always stuck at the 7th grade level?

Re:Dont Help BBV (0)

Anonymous Coward | more than 7 years ago | (#16827674)

That's right, attack the messenger. The software is the issue, only you want to beat up the person raising the question. Well, when you have kicked the beejeezus out of the the voting machine companies and given them the works, then lets go after Bev. Then, lets go after YOU!

Re:Dont Help BBV (1)

EasyT (749945) | more than 7 years ago | (#16827694)

DemocratUnderground exposed Bev Harris as a phony a long time ago.

Maybe you could back that claim up with a supporting link so that we can judge for ourselves?

Re:Dont Help BBV (1)

jeramybsmith (608791) | more than 7 years ago | (#16827760)

Try using a tool called google? There are some wonderful Bev Harris crackpot links on the web including old Art Bell show stuff. Don't feel limited to the piece DemocraticUnderground compiled on her.

Re:Dont Help BBV (1)

denttford (579202) | more than 7 years ago | (#16827800)

I believe GP was referring to this admin posting [democratic...ground.com], which, while not exactly describing her as a phony, describes her at the very least as a difficult person to deal with, and after several temporary bans from their board, is persona non grata there.

Re:Dont Help BBV (2, Interesting)

jeramybsmith (608791) | more than 7 years ago | (#16828256)

The sad thing is, a call to support legitimate voting watchdog groups followed by a quote of Bev Harris acting like a creationist about her voting conspiracies is down modded to a troll immediately. 2 of the replies so far have been people mad because I left the "ic" out of DU's name as if I was besmirching the political party that site favors. This site is a decent enough news source but when its used as a tool for the kooks I get up in arms. Bev Harris' people are one step away from shadow government kooks and a quick read of their forums will show you that.

Is this the real software? (1)

parvenu74 (310712) | more than 7 years ago | (#16827548)

Is this the software that was programmed by ES&S for their machine or is this the code that was inserted onto the machines by the hired hackers of the evil, election stealing politicians, as demonstrated on HBO [google.com]? I've got to know these things...

No source code, sorry (1)

syntap (242090) | more than 7 years ago | (#16827596)

How does one reliably examine software without the source code? Why would anyone bother spending time on this? What, we're supposed to look at an executable and say "yeah, looks like things can't be faked, hacked, or misinterpreted"?

It's possible to make observations without source (1)

kaan (88626) | more than 7 years ago | (#16828586)

How does one reliably examine software without the source code?

You're right, you can't tell as much from an executable as you can from looking at source. But it's still possible to make observations about behavior, operation, ways to break it or alter election results, all without looking at the source. I'm sure if Bev (or anyone else) could get the source code for the voting software, she would do so. For now, this is all she's got.

Why would anyone bother spending time on this?

Because our public elections are run through secret software that nobody knows about, nobody will explain, and nobody understands. So we're supposed to just sit back and say, "oh well"? Does it bother you that there are recorded, documented instances of candidates receiving negative votes? Like, "less than 0". Doesn't that concern you? It should.

Re:No source code, sorry (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16828620)

Nobody said reverse-engineering was easy, young grasshopper.

Re:No source code, sorry (1)

Daniel Boisvert (143499) | more than 7 years ago | (#16828906)

How does one reliably examine software without the source code?

I haven't looked at any of this sort of thing in awhile, but the easiest way used to be to disassemble it into assembly and read that. It's not /that/ obscure a skill. Folks in the security community use similar methods for analyzing worm/virus code pretty regularly.

The last time I looked, I seem to remember some folks working on decompilers that would produce higher-level languages (mostly C, that I recall), but have no idea if anybody ever got 'em working well.

Legality (3, Interesting)

mattwarden (699984) | more than 7 years ago | (#16827644)

Um, before I download this software onto my computer, would Beth like to comment on (a) how she got it, and (b) to what extent it is legal for her to be housing it on her server?

Re:Legality (0)

Anonymous Coward | more than 7 years ago | (#16827794)

In Soviet Russia, trojan downloads you!

Re:Legality (1)

PinkPanther (42194) | more than 7 years ago | (#16827854)

...and, as others have pointed out, how we can tell that what is downloaded is really from BBV? The linked domain blackbox1.org is not the same as blackboxvoting.org .

Re:Legality (0, Redundant)

kaan (88626) | more than 7 years ago | (#16828012)

I just got on blackboxvoting.org and called the primary phone number, and Bev Harris answered the phone. She said she could not disclose where she obtained the software, but that it was legitimate, real software. She set up another domain to prevent /. of their primary domain. Run a traceroute and you'll see that both blackboxvoting.org and blackbox1.org are hosted with Rackspace. Phishers do not use Rackspace, they use domains in Russia or where ever.

This is not a phishing scam, it's really from Bev, and she's trying to solicit help from the /. community to dig into this stuff.

Oh, and yes, I'm posting similar comments in reply to all of the "is this real?" comments... Moderators: please do not mod me down without calling them yourself (go to blackboxvoting.org for phone number).

Kaan

Re:Legality (1)

ben there... (946946) | more than 7 years ago | (#16828210)

The traceroute for one actually leads to floridawebmasters.com [floridawebmasters.com] after going through rackspace.net.

See my traceroute [slashdot.org].

Why would Black Box Voting in Renton, WA hire a local Florida webmaster, who doesn't even have a real company homepage?

(I admit, I'm not going to call them)

Re:Legality (1)

kaan (88626) | more than 7 years ago | (#16828422)

The traceroute for one actually leads to floridawebmasters.com after going through rackspace.net.

Yep, I saw the same thing, don't know what to tell you.

12 vlan901.core1.dfw1.rackspace.com (72.3.128.21) 986.452 ms 756.475 ms 999.809 ms
13 aggr3a.dfw1.rackspace.net (72.3.129.11) 763.390 ms 1227.111 ms 1247.636 ms
14 floridawebmasters.com (72.32.2.234) 1504.584 ms 756.088 ms 250.646 ms

(I admit, I'm not going to call them)

Well, maybe you should call them. It will take 1 minute, probably less time than it would take you to write another response to this comment.

Their phone number is on their website:
http://www.blackboxvoting.org/contact.html [blackboxvoting.org]

Re:Legality (1)

mattwarden (699984) | more than 7 years ago | (#16828242)

I'm not concerned with the domain name issue, really. But, she can't disclose how she got the software? Then I'm not going to download it onto my machine, potentially exposing myself to liability.

You want me to help out? I need the information necessary to make sure I'm not breaking the law. I saw Hacking Democracy. They know the law well. They make sure they don't break the law when they're at polling places or hunting through garbage, etc. I would think they'd expect me to want to do the same...

YOU FAIL iT (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16827666)

Jesus Up The ggodbye...she had another troubled

So much for the center... (5, Funny)

creimer (824291) | more than 7 years ago | (#16827724)

Is there a reason why my computer is leaning to left now that I'm running the software?

slashdotting (5, Funny)

Paladin144 (676391) | more than 7 years ago | (#16827736)

You may want to Slashdot it or whatever.

Yes. Yes, we will.

Now stand back and let us get to work. We live for this shit... To some people it's just a job, but not to us, man. It's a passion. When we saved those baby orcas by slashdotting all of S.P.E.C.T.R.E.'s servers it was like.... wow, man. I've never felt so free.

I don't think of myself as a hero. I'm just doin' my job, ma'am.

Software for Precinct Machines (1)

Rob the Bold (788862) | more than 7 years ago | (#16827776)

They note they don't have software for the precinct machines. The iVotronic software for the precinct machines would be a little harder to read for the general programmer, because it runs on a custom-built embedded device. But it is 386EX compilable, so it might be possible. It's certainly more hack-resistant from the outside due to the more proprietary nature of the system (greater obscurity). I don't believe the linux-based iVotronic was ever revived after the project was cancelled in June 2003.

The source code was reviewed by a thrid party in early 2003, but it wasn't the same code that was built into the device executable. Third-party auditors required that very specific code formatting and behavior rules be followed. These rules were not followed in the production version, and therefore the entire software suite for the iVotronic was patched to the auditors' standards. This code compiled, but I don't believe that it was put into production. It certainly wasn't tested for functionality before being audited.

One Achiles' heal of the iVotronic would be the fact that they're made overseas in the Philippines, which could be a potential weak point for inserting something malicious. Just a thought.

Atter the analysis is done... (3, Insightful)

Dave21212 (256924) | more than 7 years ago | (#16827784)


We should take a vote using GEMS to see if the Diebold software is good or not :) I'm predicting a landslide !

Seriously though, I'm a little disapointed in the comments so far. First, this is not a political/partisan issue. Second, you don't need the source code to evaluate the operation of this software. Sure, it would be easier if we had it, but are you telling me that nobody here knows how to run a debugger or decompile some simple windows code ??? How many of you are drooling at the chance to take a whack at this stuff ? Go to it !@

For you people whining about no source code, how about you leave the real hacking to the real hackers and go back to your QA jobs :) Besides, I think it will be interesting to see what people come up with *without even having the source* - it's more of a real world test that way.

Re:Atter the analysis is done... (0)

Anonymous Coward | more than 7 years ago | (#16827868)

> Seriously though, I'm a little disapointed in the comments so far. First, this is not a political/partisan issue. Not post before you is taking any sides, purely discussion based on the code. No parties mentioned. Trying to karma whore for your links? Are you?

Re:Atter the analysis is done... (0)

Anonymous Coward | more than 7 years ago | (#16829018)

While there exists a detectable problem, P [sic: while (1)]:
Hacker finds a hole in the code (P).
Evil company patches said hole. Uses P.R./lobbyists to claim that P is an isolated incident and that everything is alright. The small portion of the people who matter will believe e.c. over hacker (even if hacker has a phd in computer science and is a respected security analyst).
Evil company then will say that it isn't their fault that the "mean old law-breaking hackers" won't leave them alone. Ignoring that it is their fault and responsibility that the hackers _can_ break their stuff.

Besides, the company can most likely fix problems faster than people (without code) can find them. And people have ridiculously low standards when it comes to software.

Even if this becomes a scandal, which it won't unless someone is bribed, and they'll need to be caught red-handed for anyone to believe it (it is too Saturday morning cartoon evil to be considered true). It would have to be a slow news week for this to even have a chance (an election itself would drown this out).

The only way I can think of for this issue to have a _chance_ at making the news is if the machines are hacked to claim something messed up (like declaring the winner to be the "Boston Tea Party") or are outright destroyed (there is a place near where I live that during multiple elections a person has stolen / thrown the ballots into a river).

Thus, this entire endeavour of creating proof-of-concept hacks are an exercise in futility. Proving a problem exists will only create a patch, not a solution.

The procedure is what matters. (3, Insightful)

Chandon Seldon (43083) | more than 7 years ago | (#16827808)

The important thing isn't the voting software, it's an effective voting procedure.

There is a known effective voting procedure using paper ballots, ballot boxes, and little old ladies (err... party representatives) to count them. This procedure has one important property: fraud attempts tend to get thwarted because the little old ladies will yell when something fishy happens. ANY VOTING SYSTEM WITHOUT THIS PROPERTY SHOULD NOT EVEN BE CONSIDERED.

It may be possible to design a voting procedure using computers that is similarly effective. Here's the important thing: it needs to retain the property that little old ladies observing the process can immediately tell if something fishy is going on. NO FULLY COMPUTERIZED SYSTEM CAN HAVE THAT PROPERTY.

Someone suggested the following system here on Slashdot:

  1. Paper ballots are marked, either with sharpies / pens or from touch-screen ballot generating machines.
  2. They go into standard ballot boxes.
  3. Those ballots are brought to a central tallying location using the standard ballot-box protection procedures.

At the central tallying location, for each race:

  1. The ballots are put into a sorting machine that sorts based on the votes in that race.
  2. Observers check the sorted piles to make sure that they are properly sorted.
  3. The sorted piles are put into a counting machine - there's your counts. If the counts look wrong based on pile size to any observer, it's manual count time.

If any candidate, observer, or 50 signatures question the validity of the counting machine's results - a manual recount occurs for that precinct. Every time - no "but that would be effort" bullshit.

This system takes all the properties of the hand count system and preserves them while spending money to gain two properties: Ballot generating machines for the blind, and fast counting for people who think that matters. Ballot generating machines are an easy problem, and sorting / counting machines are pretty cheap. We might have to use heavy cardstock for the ballots to survive the sort/count process for every race - that's $50 I'm willing to spend.

Re:The procedure is what matters. (2, Interesting)

cdrguru (88047) | more than 7 years ago | (#16828018)

Yes, and for centuries we haven't cared if the error margin of the little old ladies was 1% or even 2%. If one precinct's results got flipped around because of errors, it didn't matter because of the sheer number of precincts and their small size - usually much less than 100 people per precinct for most of the last 200+ years.

Unfortunately, we are now caring a lot more about accuracy. The current manual processes can't handle the requirements for 100% accuracy or at least accuracy way beyond 0.9%. Could it be done with manual processes? Sure, banks used to do this completely manually all the time. It just takes time and more people. And duplication of efforts to ensure quality.

Not going to fly here, for a couple of reasons. One is there aren't enough workers. Another is that we can either count the votes fast or listen to the news reports because they will report results based on exit polls, surveys and guesswork.

Re:The procedure is what matters. (1)

Chandon Seldon (43083) | more than 7 years ago | (#16828544)

First, speed of counting is not something that we can sacrifice trustworthiness (or accuracy) for. If the news reports a result, and the count comes back a week later with some other result... so be it. The politicians are going to have to stop sucking at PR and make proper public statements in the few hours after the election - the correct statement is either "Yea, the exit polls said I only got 20% of the votes, that sucks" or "This one's pretty close, I guess we'll have to wait for the official result to see who won."

Second, I agree that accuracy is something that needs to be built into the system. I'd argue that little old ladies are accurate, and that if they're not we can solve the problem with *more* little old ladies. If that's not good enough, we can move to the sort & count system I described.

In the end, I see this as being really simple: Sacrificing the ability for non-technical observers to immediately spot fraud is NOT ACCEPTABLE. I don't care if we're getting free sports cars in exchange, that's not a design property we can trade away and still have a legitimate democracy.

Files contain Election Data from Tarrant County (0)

Anonymous Coward | more than 7 years ago | (#16827940)

The files contain Election data from Tarrant County for the past five years. Any guesses as to how long they will be accessible?

help creators implement planet/population rescue (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16827948)

it only makes sense.

from previous post: many demand corepirate nazi execrable stop abusing US

we the peepoles?

how is it allowed? just like corn passing through a bird's butt eye gas.

all they (the felonious nazi execrable) want is... everything. at what cost to US?

for many of US, the only way out is up.

don't forget, for each of the creators' innocents harmed (in any way) there is a debt that must/will be repaid by you/US as the perpetrators/minions of unprecedented evile will not be available after the big flash occurs.

'vote' with (what's left in) yOUR wallet. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi life0cidal glowbull warmongering execrable.

some of US should consider ourselves very fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate.

it's right in the manual, 'world without end', etc....

as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis.

concern about the course of events that will occur should the corepirate nazi life0cidal execrable fail to be intervened upon is in order.

'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you ther

I've said it before (1)

SQLz (564901) | more than 7 years ago | (#16827962)

Computers are just not designed to accept input, and increment and integer. Its crazy talk, more science fiction than reality.

"Hello World" comes to voting. (0)

Anonymous Coward | more than 7 years ago | (#16827998)

Hmmm. I've always wondered why software is really needed for the process of voting. You'd think that adding numbers would be the simplest thing in the world.

But... (1)

MaxPowerDJ (888947) | more than 7 years ago | (#16828050)

Does it run in Linux?
Seriously, I am wining this up and see what I can do with it

Re:But... (1)

Rob the Bold (788862) | more than 7 years ago | (#16829036)

Does it run in Linux?

There was a linux version in the works in 2003 of the iVotronic, but the project was cancelled. Don't know if it was ever revived.

FUD! (0, Flamebait)

singingjim (957822) | more than 7 years ago | (#16828194)

Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud Fud!! GODDAMIT FUD!

Friggin' looney tunes publicity hounds!

I've never seen a more shameless attention grab since FarenDUPE 911.

just edit the rpt file,or dbf files to fix vote (0)

Anonymous Coward | more than 7 years ago | (#16828642)

Looks like a person could just edit the rpt files or the dbf files to fix your vote.

Just like the Diebold GEMS where you could edit the database (MSACCESS) this is looks about the same (DBF files). Lots of dbf editors fit on a little thumb drive. zik-zak

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...