Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

U.S. To Certify Labs For Testing E-Voting Machines

Zonk posted more than 7 years ago | from the who-certifies-the-certifiers dept.

United States 75

InternetVoting writes "In a clear counter to the recent criticisms of secrecy involving Ciber labs the National Institute of Standards and Technology (NIST) has issued recommendations (pdf) to the Election Assistance Commission (EAC). NIST recommends the accreditation of two labs, iBeta Quality Assurance and SysTest Labs. The recommendation, emphasizing the need for transparency, includes on-site assessment reports, lab responses, and on-site reviews for each lab. These reports shed much needed light into the process of voting machine certification. Learn more from the Q&As About NIST Evaluation of Laboratories that Test Voting Systems."

cancel ×

75 comments

Sorry! There are no comments related to the filter you selected.

Opaque Audits (5, Insightful)

P(0)(!P(k)+P(k+1)) (1012109) | more than 7 years ago | (#17681356)

It sounded, prima facie, like progress was being made; but quoth TFA:

Currently, laboratories are using proprietary test methods and test cases to determine that a voting system meets existing federal standards. . . . By law, NIST must protect proprietary information. This includes details of a laboratory's specific testing methods and protocols.

Call me cynical, but auditing opaque processes with equally opaque tests doesn't change much; I foresee a holographic sticker labelled “certified.”

I'd wager, furthermore, they expect us to buy it at face value.

Re:Opaque Audits (4, Insightful)

Rob T Firefly (844560) | more than 7 years ago | (#17681390)

They do have a halfway decent excuse for that, though.
Why are laboratories using proprietary test methods?
Currently, no uniform set of tests exists to determine that a voting system meets federal standards. With the support of the EAC, in 2007 NIST will begin to develop a uniform set of non-proprietary tests to be used in conjunction with the next version of the Voluntary Voting System Guidelines (VVSG 2007). The availability and use of these open tests will improve consistency and comparability among testing laboratories.
Even a baby step in the right direction counts at this point.

Re:Opaque Audits (2, Insightful)

truthsearch (249536) | more than 7 years ago | (#17681478)

So, does that mean once these non-proprietary tests are created the process will be made more open? I agree, any step in the right direction is something good. I just hope that in the end we have real transparency.

Re:Opaque Audits (5, Insightful)

P(0)(!P(k)+P(k+1)) (1012109) | more than 7 years ago | (#17681508)

Even a baby step in the right direction counts at this point.

I think you're being too soft on your own government. Government isn't a child in need of coddling: it's a cynical and self-aware machine that studies to persist at your expense.

Re:Opaque Audits (1)

Stanistani (808333) | more than 7 years ago | (#17682756)

>Government isn't a child in need of coddling: it's a cynical and self-aware machine that studies to persist at your expense.

I think you're confusing the government with those who abuse it (whatever party is in power).

The government at times resembles a half-wit child with a gun.

Re:Opaque Audits (1)

P(0)(!P(k)+P(k+1)) (1012109) | more than 7 years ago | (#17682906)

I think you're confusing the government with those who abuse it. . . .

Hmm; I guess that's the converse of “hate the sin, love the sinner.” Realistically speaking, however, the will to power is so congenitally irresistable that differentiating between government and the abuse thereof is academic.

No: government and its abuse are selfsame (or can be modeled as such with reasonable success).

Re:Opaque Audits (4, Insightful)

Billosaur (927319) | more than 7 years ago | (#17681524)

When you think about it, the lack of standards is probably what has caused the current crop of voting machines to be such dismal failures. While I'm not sure I trust Diebold anyway, given their political connections, they probably would have done at least a halfway decent job on their machines if there were a set of standards to measure them against. It's not enough for the US Government to send out a Request For Proposals outlining what they are looking for, unless the functionality and security can be defined against some kind of standard. If the standards had existed first, maybe the machines would not have all the loopholes and omissions which make them such trash currently.

Re:Opaque Audits (5, Insightful)

truthsearch (249536) | more than 7 years ago | (#17681618)

And if standards exist, maybe more companies can compete equally for the contracts.

Re:Opaque Audits (1)

bberens (965711) | more than 7 years ago | (#17682894)

Perhaps it wasn't easily inferred, but the article is talking about voting machines in the United States.

Re:Opaque Audits (1)

divisionbyzero (300681) | more than 7 years ago | (#17682740)

I agree with you, but not having standards has some value as well. Once you publish a standard it makes it a lot easier for someone to create an exploit that will not be detected by that standard testing method. Of course, that assumes the standards will stay the same which hopefully they will not, but this is the federal government and when have they ever been nimble about responding to a threat?

Re:Opaque Audits (1)

Moofie (22272) | more than 7 years ago | (#17686436)

Good ol' security by obscurity! I hear that's the best kind.

Re:Opaque Audits (1)

gravesb (967413) | more than 7 years ago | (#17682226)

It may still be a step in the right direction, but I would rather have the source code. Really, aren't we as both citizens and voters buying the machines? Shouldn't we have access to them? If a company doesn't want to open the source code, then they shouldn't bid. And arguing that the methods might be copied is easy to overcome. Governments are really the only ones buying these machines, so let them sign a long term contract, and the company gets the same business regardless. And if the contract was long enough, technology would render obsolete anything they develop anyway.

Re:Opaque Audits (1)

Yvanhoe (564877) | more than 7 years ago | (#17682596)

It looks more like a moonwalk in the wrong direction...

Re:Opaque Audits (5, Funny)

pilgrim23 (716938) | more than 7 years ago | (#17681578)

Wait, I thought the Dems won. Doesn't that mean there was no cheating?

Re:Opaque Audits (2, Insightful)

Alien Being (18488) | more than 7 years ago | (#17681880)

No, it just means the Reps didn't cheat hard enough.

You got it wrong (0)

Anonymous Coward | more than 7 years ago | (#17685442)

This democratic "victory" is simply a step in the republican stragegy to sweep in '08. By cheating to help their opponents, nobody will suspect that they are cheating when the constitutional amendment declaring Bush "President For Life and Beyond" and outlawing everything beginning with the letter "D" passes by a broad margin next spring.

Re:You got it wrong (0)

Anonymous Coward | more than 7 years ago | (#17686134)

Please tell me Dubya will be outlawed

going back in time (2, Insightful)

chdig (1050302) | more than 7 years ago | (#17682414)

I wonder how the previous elections' voting computers would fare, being put through the new tests... think diebold would like to see exposed just how many security holes there were in their last series of "machines"?

Re:Opaque Audits (0)

Anonymous Coward | more than 7 years ago | (#17683796)

I still don't understand why they don't enable internet voting to a secure server maintained by a federal agency. It would be simple to avoid fraud just by using a social security number as identification. A log could be kept so voters could always go back in and confirm their vote. Granted, it would still be easy to adjust numbers on the back end, but it would be easy to audit the results with the logs. It just seems like a no-brainer to me. Even for people who don't have internet access, the local voting places could just have terminals there. The whole concept of individual machines having to keep the data which then gets uploaded to a central machine later just seems sort of asinine. The only reason I can see for still doing either paper ballots, or using local electronic voting machines is to limit the number of people who actually vote. I'm sure voting numbers would skyrocket if voting were as easy as logging into a secure system from the comfort of your own home. We'd get a much better picture of what the American people actually want.

you can't do it (1)

zogger (617870) | more than 7 years ago | (#17691022)

There is NO secure way to have computerised voting.

  We had a long established precedent that any citizen worth enough to vote could verify an empty box using nothing more than a set of mark I eyeballs. No programming needed, no electricity needed for that matter.

I don't care how many standards and computers and voodoo assurances you throw at it, computerised voting doesn't pass that minimal "normal human eyeballs" test. I don't care if the code is open or not, even if it is they can still hack it upstream at the next computer, or the nexct one, and you wouldn't know. When it comes to what ownership of the government is worth-ultimate power and trillions of dollars-temptation is too great, or force of blackmail, or whatever-it'll get hacked to pieces.

    All you are doing with computers is swapping around the places and manners where *extreme* and easy large scale voting manipulation can occur. The old method was pretty hard to hack every voting ballot box, even a sdmall percentage, but with computers??? Large scale regional hacking possible, and you wouldn't know. Some got hacked in ye olden days,sure,ballot box stuffing, but having the ability to inspect the empty box, then stand around at night and verify the count, worked about as well as possible over the widest range of precincts.

Computerised voting is designed on-purpose to fake people out with "new shiny" blinkenlights, and that's about it. It's a scam to perptuate the one globalist party system so that this election's "fearless leader" chose by the globalists "wins"..

    The old system wasn't broken so bad that we have to spend billions to completely finish smashing it to pieces.

Paper ballot, indelible pen for marking. No hanging chads, no voodoo "code" counting at some remote server buried in a locked basement someplace and three paid off dudes "verifying" it, none of that. It's lame. A simple ballot box and paper ballots are just fine for voting, and if it takes a-horror!-whole day to vote and another to count..who cares? Why don't we have a full 24 hour voting period *anyway*, what's with near bankers hours for voting? And we have run out of humans who can count, just adding simple sums? I don't think so.

Um... whaaaa? (0)

Anonymous Coward | more than 7 years ago | (#17686936)

Having the US 'certify' fair voting machines is like having Apple certify OS security. And as we know, this is a BAD month for Apple security (or rather, a revelation toward the lack thereof).

Once that's done.... (3, Funny)

parvenu74 (310712) | more than 7 years ago | (#17681382)

When they get done fixing the broken system for certifying voting machines, how about an effort to screen the certifiable morons who keep getting onto the ballot?

Re:Once that's done.... (4, Interesting)

smooth wombat (796938) | more than 7 years ago | (#17681680)

how about an effort to screen the certifiable morons who keep getting onto the ballot?


I know you're trying to be funny but every state has requirements for people who want to run for office. So long as they meet those requirements, anyone can get on the ballot.

However, some states, such as Pennsylvania, have stacked the odds against third party candidates by requiring those candidates to meet higher standards. In Pennsylvania, if you are third party candidate and want to be on the ballot in November (you can't be on the ballot in May), you would need to gather signatures equal to or greater than 2% of the ballots cast for the largest vote-getter in the last statewide election race.

In the most recent election, third party candidates would have needed 67,070 valid signatures to be on the ballot as the highest vote count in the last statewide election was 3.4 million.

Contrast that with the 2,000 signatures that either a Democratic or Republican candidate must gather.

Obviously the answer is to have the legislature change the reqirement but the vast majority of the unwashed masses don't know about the requirement, don't care about the requirement, and are happy enough simply voting straight ticket.

Besides, can you imagine what would happen if it were easier for third party candidates to get on the ballot? Why, there would be competition and choice during an election! We can't have that, now can we?

Re:Once that's done.... (1)

smoker2 (750216) | more than 7 years ago | (#17682260)

In the UK:

To stand for election, a candidate must submit a nomination paper signed by ten electors* for the constituency and lodge a deposit of £500, which is refundable only if the candidate receives more than 5% of the total votes cast for each candidate at the election.

* electors meaning members of the electorate, ie. general eligible public (for that constituency)

Re:Once that's done.... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#17681866)

When they get done fixing the broken system for certifying voting machines, how about an effort to screen the certifiable morons who keep getting onto the ballot?

Sorry, I don't think that they can ban Democrats outright.

Advances in technology for voting (1)

zappepcs (820751) | more than 7 years ago | (#17681396)

will not only bring the process of voting into the 20th century, but it will allow a much faster recount of dead people's votes.... /sarcasm

i like the way i vote now (1)

Prophetic_Truth (822032) | more than 7 years ago | (#17681460)

I take a black marker and complete an arrow next to the item I wish to cast my vote for. There is an election official next to the machine which reads in my ballot and electronically tallies my votes, along with the rest of the votes for that district. That way you have both a paper trail with the convenience of electronic tallying.

Re:i like the way i vote now (2, Informative)

truthsearch (249536) | more than 7 years ago | (#17681586)

With electronics, the biggest issue is the tallying, not as much the method of voting. Tallying can be corrupt with no voter noticing.

Re:i like the way i vote now (1)

Alchemar (720449) | more than 7 years ago | (#17683818)

And the guy doing the tally puts a big mark next to your name because you didn't vote for the person that your boss "requested" you vote for. You didn't need that cost of living wage anyway, because that is part of the trickle down theory your canidate would vote against. There is a reason that votes are to remain secret.

Competitors (-1, Offtopic)

WiseMuse (1039922) | more than 7 years ago | (#17681480)

Who are the competitors of the SeaMonkey Internet Application Suite?

Doesn't matter if the standards are the same... (3, Interesting)

RyanFenton (230700) | more than 7 years ago | (#17681492)

Are these new testers truly being paid to examine these machines completely and exhaustively, or are they being paid to run a script, and sign a document?

If it's the latter, then as long as the standards anywhere close to where they have been, we'll continue working with virtually whatever the voting machine companies assert is good.

Ryan Fenton

Re:Doesn't matter if the standards are the same... (0)

Anonymous Coward | more than 7 years ago | (#17687798)

I did voting machine testing (testing carried out on every voting machine in the state.) Explains why I'm posting as AC...
The script was provided by the manufacturer. On day one of the testing, the script proved to not match the actual screens or voting process. Almost seemed as if the person who wrote the script didn't know how the machine worked. On day two I rewrote the script so that it actually represented the screens presented and the voting process.
The testers were temp. agency workers who knew nothing about testing. In fact, I am not a software tester (developer, development manager.) Most were very familiar with the machines and fixed the problems that occured along the way rather than putting in a failure report (this mostly applied to printing problems - the printers were terrible add-on's that jammed all the time.)
After day two, the vendor didn't like the way the results were coming out, too many crashes, so they modified the test procedure (self tests were exluded, no changes were made to the voting process that I corrected.)
All of the results to that point were thrown out and we started fresh.

This is how voting machine testing was carried out. If this is how voting machine testing will be carried out in the future, don't bother.

AC

Why is it (4, Insightful)

gillbates (106458) | more than 7 years ago | (#17681580)

That politicians can't grasp the immediately obvious? Why do they even bother with electronic voting machines when:

  • The voters don't want them, and,
  • They cost more and are less reliable than paper ballots, and,
  • The technical community thinks they're dangerous to democracy.

How could any politician come to a conclusion that electronic voting machines make sense? There is no compelling reason to use electronic voting machines at all. The only possible explanation I see is that counties which bought electronic voting machines had county officials on the payroll of the voting machine makers.

The fact that they've been purchased seems to suggest that politics is already not quite as transparent as it should be.

Re:Why is it (1)

lividdr (775594) | more than 7 years ago | (#17681862)

I think you over-estimate how much people "actively" don't want these things. I'm sure plenty of people don't like them, but are people really going to get involved?

The "scandal" around the 2000 election opened the door - "hanging chads", people whinging that they were confused and *might* have voted for someone by accident because the inanimate ballots are to blame, overseas armed forces ballots getting lost, state attorney generals getting involved, the supreme court deciding the election, etc. The general public just doesn't care, not enough to get off the La-Z-Boy and complain to a public official who isn't going to do anything anyway. Maybe if one of these electronic voting machines kidnapped a child, or slid down an icy hill and hit a dozen cars - maybe then the general public might care for a minute or two.

It must be Friday - I'm feeling especially cynical today. Scotty, more power to the sarcasm dampeners!

Re:Why is it (1)

DudeTheMath (522264) | more than 7 years ago | (#17681940)

There are two compelling reasons for EVMs. The most important is that the blind can vote without assistance (preserving the secret ballot). The second is to simplify ballot format: no more will we have the creative "butterfly" ballot (an attempt to squeeze more candidates into a given page space by alternating names on either side of the central "punch" area), which on its own may have swung the 2000 election. Did you know that Pat Buchanan received more votes in Palm Beach County (well-known as a haven for Jewish retirees from New York City) than Al Gore lost by in the entire state of Florida?

Of course, we may need multiple screens for all the candidates; who wants to be on screen three? EVMs also ought to have methods of randomizing the order of candidates; I've read that there's a bias towards selecting the first candidate in a list. Of course, election supervisors also need to be *allowed* to randomize the order; I think Florida law says that the candidate of the incumbent's party is always listed first (naturally). I wonder if this bias is why almost all the constitutional ballot initiatives get passed in this state, since "Yes" is always first. Actually, while I was living in South Bend, IN, the county election supervisor said it was "too hard" to randomize names on ballots, and always listed them in alphabetical order. Boy, if that's too hard.... She was voted out in the very next election.

Blind Votes (1)

camperdave (969942) | more than 7 years ago | (#17682834)

You guys are getting way complicated. Forget the punch-outs, the electronics, etc. Print a list of names with a box next to the name, and the voter puts an X in the box. Print a batch that is both in ink and in braille, with a raised edge around the box. Or maybe give the voter a ticket and have a few boxes in the booth. The voter just drops the ticket in the box corresponding to the candidate they wish. Print the name of the candidate in braille, in ink, and throw on a picture too, so the illiterate can vote.

Of course, we may need multiple screens for all the candidates; who wants to be on screen three?

Sheesh! Screen three? I thought you guys had a "two party system". How do you get three screen-fuls of candidates with only two parties? I live in a country where we have multiple parties, and the most candidates I've ever seen on a ballot was eight, or so.

Re:Why is it (2, Insightful)

PadRacerExtreme (1006033) | more than 7 years ago | (#17681990)

The voters don't want them

I think you are confusing the /. crowd with the 'normal' mom & pop crowd. For the non-technical people it is much easier to press a box with the person's name (which then changes color) that poke a hole in a card.

Re:Why is it (1)

Chandon Seldon (43083) | more than 7 years ago | (#17684112)

I have an amazing piece of technology I'd like to suggest that makes hole punching absolutely obsolete: the Sharpie Brand Permanent Marker.

Re:Why is it (1)

mpe (36238) | more than 7 years ago | (#17687410)

I think you are confusing the /. crowd with the 'normal' mom & pop crowd. For the non-technical people it is much easier to press a box with the person's name (which then changes color) that poke a hole in a card.

It's even simpler to place a cross in a box on a piece of paper/card.

Why do they even bother? (2, Informative)

wiredog (43288) | more than 7 years ago | (#17682026)

Florida, 2000. Hanging chads. Confusing paper ballots. The electronic voting mess was supposed to prevent that from ever happening again.

Re:Why is it (2, Funny)

freezin fat guy (713417) | more than 7 years ago | (#17682506)

You don't understand - we've got this surplus of cash sitting around which we're not allowed to spend on education or universal health care.

Re:Why is it (1)

k1e0x (1040314) | more than 7 years ago | (#17686236)


I don't think people do want them, You tell people.. "Hea lets spend billions for a voting system that does no better job than the current one and has no paper trail.. but you get to know who wins instantly.. right after the lawsuits are finished that is."

Politicians want to push these over on people and they will, "they will get use to them over time.. muhahaha!"

All we need is to convert counties using wierd systems to a system where we use our number 2 pencils to fill in the dot on a paper ballot. The ballot gets read by a machiene made in the 60's, the votes are tallied and the ballot goes into a locked bin. If the race is contested, we count the paper balots. Its fast, its easy, it just works, and its secure.

Recommendations? (1)

WiseMuse (1039922) | more than 7 years ago | (#17681588)

How will "recommendations" change anything? Don't we need laws that protect the integrity of the voting process? Just asking...

Re:Recommendations? (1)

planetmn (724378) | more than 7 years ago | (#17682224)

No. If I've learned anything on slashdot, it's that the free market will sort this out.

All joking aside, there needs to be a law that does protect the integrity of the voting process. But I believe we have these. It gets to be a problem though when you try to prove that somebody tampered with the electoral process. How do you show something was an intentional security backdoor, versus just a programming error? You can right specs and standards for this stuff, but specs have ambiguity, there are different interpretations. I have never seen a fool-proof spec.

I like the way voting has worked in the areas I've lived. You fill out a scantron-type sheet (the ovals that are optically read by a machine) and insert the sheet into the reader. The reader can verify that the ballot is filled out properly, and if not, request the voter to fill out a new form. You also have a verifiable paper trail.

-dave

Watchmen (3, Insightful)

jdcook (96434) | more than 7 years ago | (#17681598)

Let me guess: the auditors are political appointees?

Re:Watchmen (1)

cbrichar (819941) | more than 7 years ago | (#17682372)

Sir, I'll have you know that Halliburton E-Voting & VLT Analysis Corp. fought a hard battle to win that contract.

I'm waiting for the day when... (3, Funny)

gillbates (106458) | more than 7 years ago | (#17681636)

some hacker group gets Mickey Mouse elected via electronic voting machines. I'm wondering if even then people will pay attention.

Re:I'm waiting for the day when... (4, Funny)

hclyff (925743) | more than 7 years ago | (#17681952)

Well, you elected GWB twice and nobody suspects a thing. Now tell me what makes you think people would pay attention if Mickey Mouse got elected... ?

I thought so.

Bah! (1)

Khammurabi (962376) | more than 7 years ago | (#17686262)

Mickey Mouse wouldn't get elected. His sexuality would be questioned immediately. He walks around bare-chested, hangs out with a pantless duck, and has yet to produce a single offspring or even marry his girlfriend of 50+ years (not to mention that odd high pitched voice of his).

Bah! Goofy has a far better chance at the presidency. Now there's a complete fool I could respect!

Re:I'm waiting for the day when... (0)

Anonymous Coward | more than 7 years ago | (#17682150)

Mickey Mouse elected? Aren't there enough problems with continual copyright extensions with just Disney involved already?

Re:I'm waiting for the day when... (1)

catalina (213767) | more than 7 years ago | (#17683230)

...gets Mickey Mouse elected...

Hmm. Some interesting possibilities. Thinking about the future, imagine what it would cost to put President Mouse's picture on currency. Would Disney license that use, and would the guv have to pay royalties for each bill/coin in circulation?



And there's also the argument that we already have a mickey-mouse president.....

whats wrong with this picture? (3, Insightful)

gordona (121157) | more than 7 years ago | (#17681648)

Why is this just happening now after several years of use (and possible misuse)? Note to readers: this is a rhetorical question. I work for the cable industry which spends lots of money and time for years, certifying devices that get attached to the cable networks. I guess this is more important that ensuring the veracity of our voting systems. But this begs the question. The voting machines are only one link in the chain and perhaps not even the weakest link. Previous elections have quite possibly been affected by selective voter purges and mishandling of ballots--do provisional and absentee ballots even get counted? So, certification of the devices is a needed measure as is holding in escrow the source code of the devices. But this is not the only measure that should be taken.

"If god had wanted us to vote, he would have given us candidates"

Re:whats wrong with this picture? (1)

Rob the Bold (788862) | more than 7 years ago | (#17685526)

Why is this just happening now after several years of use (and possible misuse)? Note to readers: this is a rhetorical question. I work for the cable industry which spends lots of money and time for years, certifying devices that get attached to the cable networks.

The certification of voting machines is not new. There have been federal requirements that electronic voting machines' software be "third party certified" for some time now. The new phenomenon is certifying the certifiers. Previously you could hire a code auditor to examine your voting machine's source code who would certify to the feds that your system was clean. There was a lot of room for abuse, since there was no guarantee that the code you gave the auditor was the code compiled and running in your hardware. Since there were very specific requirements for code-readabiliity, the company would need to spend considerable time and effort preparing a "clean" version of the code for review.

Since the equipment manufacturer is required to hire the 3rd party auditor, then the manufacturer also decides when to send in the audit results. Naturally, you would send those in after your auditor gave you a passing grade. Presumably, you would also then put this "clean" code into production. I was involved in this process as a contractor for ES&S's engineering consultants. I never did see the "clean" code merged back into the production code.

The cable company, on the other hand, stands to lose subscribers if the hardware doesn't work.

if you ask me.... (1)

mastershake_phd (1050150) | more than 7 years ago | (#17681860)

Any election where your vote is secret can be rigged. There have been stories of boxes of paper ballots disappearing. If the e-voting machines gave you the voter a receipt with a vote ID number, and your vote was published(say online) how could elections be rigged? Would it be worth the invasion of privacy to ensure a secure voting system?

Re:if you ask me.... (2, Insightful)

DudeTheMath (522264) | more than 7 years ago | (#17682048)

And any vote that's not secret can be coerced. Heard any news lately about the U.S. Chamber of Commerce pushing for legislation to make votes to form a union non-secret?

Admittedly, in this country, it's hard to believe there could be wide-spread voter tampering, but vote-buying could still occur. For example, a company president could offers election day as a paid holiday (or just a monetary bonus) if the employee brings in his or her ballot indicating a vote for X? Or something more sinister: offer a paid holiday to all who show their ballot, but record who voted for whom, and using that data for some nefarious purpose.

Re:if you ask me.... (3, Insightful)

lividdr (775594) | more than 7 years ago | (#17682112)

It wasn't that long ago that being identified as a "Communist" was enough to be accused of treason and brought before a Congressional inquest. It's nice to think that nobody will care how you vote, but once your voting record is public there are all sorts of people who wouldn't think twice about using it in judgements. It isn't that much of a leap to imagine being denied work or fired because you didn't vote with the PHB.

See also, http://en.wikipedia.org/wiki/House_Committee_on_Un -American_Activities [wikipedia.org] and http://en.wikipedia.org/wiki/Joseph_McCarthy [wikipedia.org] for historical reference. There is already a fair portion of the public who thinks secret wire-taps are okay for catching "terrorists" - is it that much further to extend this to investigating people who vote for medical marijuana (drug users!) or assisted suicide (serial killers!)? Or those who voted for Keith Ellison (D-MN), that new muslim representative who surely has ties to the terrorists - he even insisted on using the Quran at his swearing-in!

Re:if you ask me.... (1)

mastershake_phd (1050150) | more than 7 years ago | (#17682214)

Ok, well we could give everyone a receipt. And you could go online to make sure no one changed who you voted for. Like you can look up keno games now. You could look up vote #s. As long as the vote # isnt ties to a person there would be no problem. With the results public you could write verify the results yourself, and anyone whos vote was changed would have their receipt to prove it.

Re:if you ask me.... (0)

Anonymous Coward | more than 7 years ago | (#17684296)

Actually, with cryptography, it's perfectly possible that each voter could verify what he/she had voted, while his vote is still secret. Though, I don't know how practical it is on a nationwide-scale, you could certainly use it on local ones. Sorry, but I don't have the time to look up a name of an algorithm, but if you're interested, google it. Also, it's explained in the book "Applied Cryptography".

Re:if you ask me.... (1)

mpe (36238) | more than 7 years ago | (#17687614)

There have been stories of boxes of paper ballots disappearing.

How hard is it to design ballot boxes with a tamper resistent tracking device and to have cameras watching when the ballot papers go in and when the boxes are opened to count the votes?

Paper Ballots Hand Counted (0)

Anonymous Coward | more than 7 years ago | (#17682004)

The simple, less deadly, less costly answer is.

Paper Ballots Hand Counted

Bradblog [bradblog.com]
Black Box Voting [blackboxvoting.org]

WAKE THE FUCK UP!

faRgorz (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17682066)

It's a start, maybe. (0, Redundant)

fuego451 (958976) | more than 7 years ago | (#17682120)

This may be a step in the right direction but, as we have seen so many times, throwing more bureaucracy at a problem usually doesn't help much.

I simply don't understand the pigheaded stubbornness against using an open source operating system for voting machines. Voting is one of the key elements of our democracy and should be completely transparent. Sure, someone could/would/will find a way to cheat but openness in the process would at lest instill a little more confidence in the overall system.

I have a question for our Australian brothers and sisters. I know an open source operating system was written for voting machines there which was reported and discussed here on /. (I can't find the news item.). Has it been accepted and is it being used?

Redundant? (1)

fuego451 (958976) | more than 7 years ago | (#17687988)

I'm not here to gather mod points, not that I think I have the writing ability to do so if I wanted to, and I can certainly understand that my post may not be interesting to anyone in particular but 'Redundant'? I think that's a stretch.

Earlier today, someone complained of the same thing but I'll be damned if I can find it; not that it really matters. /.'s search function only covers 'posted' articles/comments; if by 'posted' they mean 'added to the database'. Firefox's 'Find' seems to have lost some of its functionality as well and routinely balks a large pages. Oh well, c'est la vie

Re:Redundant? (1)

fuego451 (958976) | more than 7 years ago | (#17690268)

The parent was posted as a 'Reply' to and earlier post I submitted [slashdot.org] . I can't imagine how it became a new thread. I wonder what will happen to this post?

Just another money grab (1)

tearmeapart (674637) | more than 7 years ago | (#17682618)

Is it just me, or is this another chance to create a group that will just suck all the money in and be corrupt?
What is the likelihood that this group would be able to satisfy everyone and have enough power to keep elections from being rigged? //Thanks God for being born in Canada ///Not that we are much different.

Voting Computers (2, Insightful)

benjonson (204985) | more than 7 years ago | (#17683104)

As was pointed out on slashdot yesterday http://politics.slashdot.org/article.pl?sid=07/01/ 18/152205 [slashdot.org] , calling these things voting computers rather than voting machines gets the story across much better. People might wake up when they hear these things more accurately described.

More crap like NIAP? (4, Interesting)

bug (8519) | more than 7 years ago | (#17684310)

Another one of NIST's big security certification schemes is NIAP. It's difficult to see it as anything but a failure. The "protection profiles" that systems are tested against sometimes explicitly assume a benign environment with no hackers. Hello, what's the point then? Also, the most common certifications don't involve source code verification or any other kind of strenuous testing. Just take a look at the list of crap [bahialab.com] that they have validated, including some products with absurd levels of vulnerabilities. Apparently, Microsoft Windows is very secure, according to NIST's NIAP. Note also that, because this is pay to play, many of the best security tools are completely missing from the list. If I had to bet money, I'd say that well-heeled companies like Diebold will make it through the testing despite a lot of vulnerabilities, and the public will be no better off.

Nothing wrong with NIAP itself (1)

LanMan04 (790429) | more than 7 years ago | (#17684782)

You're got the right idea, but you're placing the blame with the wrong folks.

Protection Profiles are written by the organizations using NIST standards. If Microsoft (for example) chose create a really, really lame Protection Profile for their ToE (Target of Evaluation, in MS's case several of their flagship OSes), that's their crap/deception, not NIST's. A lame PP would be one that states the system will never be connected to a network, is protected from physical access, never has unsigned code running on it, etc etc.

NIST makes standards, but doesn't controll how they are used in the wild. It's like me saying "I'm a certified genius at age 30, but only when tested with materials designed for 4th-graders". There's nothing wrong with the test that was administered, but the *context and application* are all wrong. Several MS OSes are certified at EAL4 with totally bullshit PPs, but that's MS's evil deed, not NIST's.

EAL by itself means nothing.
EAL + PP gives you most of the picture.

REMEMBER - "EALs refer to the level of confidence in the conclusions of the evaluation, and not to the level of secrity the product provides".

Re:Nothing wrong with NIAP itself (1)

Moofie (22272) | more than 7 years ago | (#17686606)

Are you two trying to corner the market on acronyms? Because, seriously, the military has some GAME. Y'all better step up.

Re:Nothing wrong with NIAP itself (1)

LanMan04 (790429) | more than 7 years ago | (#17687276)

Worked for the US government for a while in security.

Rainbow Books WTF!

Re:Nothing wrong with NIAP itself (1)

Python (1141) | more than 7 years ago | (#17690104)

Be that as it may, the NIAP is still a failure because the agencies don't seem to understand the short comings of the program. The perception is that EAL levels are some quantification of security. The higher the level, the better it must be, and if a product doesn't have an EAL - well then we shouldn't use it. Which means a lot of excellent security tools are excluded from agencies, particularly at DoD where they are really needed.

For example, when conducting pen tests I've personally had to battle the EAL religion to just get decent tools approved for my teams, because NONE OF THEM ARE CERTIFIED. Which is both not a surprise, as some of the tools are so new (even the commercial ones) that they couldn't possibly have an EAL, are not maintained by people/organizations that have any motive to get them certified or take so long to get one that he state of the art tools are not available. You are left using older, less reliable and often times less secure products. Hell, at one point we had to battle over using Linux attack boxes because at the time Windows had a higher EAL! There was an insane perception that Windows would be better and after installing SP2, which was STIG mandated, the boxes were so slow at port scanning the IG caved and said go with Linux because the audit was going to take SO LONG it wouldn't get done in time. All of this stupidity was driven by the irrational belief in the holiness of the EAL.

Couple this with the false sense of security the level gives, and the fact that it really doesn't add anything by itself - as you yourself said - and it begs the question: Is the value worth the cost? Experience has taught me that it does not. The EAL is just a rehashing of older certification methods (remember the old A, B, C levels?) and those were not very useful either (unless you went for the top levels, and even then there were problems). Its not rigorous enough to be a real evaluation (even a full code review doesn't mean a product is safe, prudence says assume the worst, which is why its a damn good thing the GIG and SIPR are on their own physical networks), it doesn't truly test the security posture of a product, its takes too long to get a through test - so vendors are tempted to short cut via a bogus PP - and it doesn't mean that a product is or is not an acceptable risk for an organization to use. And yet, its POLICY now that you can't use controls that don't have an EAL. The EAL carries tremendous weight just for that alone. I can not tell you how many IASM's and IASO's that try to argue to IG teams that the higher an EAL score the more secure it must be. And then can't imagine how their precious boxes just got owned by the Red Team. Uh, because the EAL doesn't mean jack, or the PP was junk, or hell the box just had a big fat hole in it.

The NIAP program is garbage. The buyer is left with what, a level to tell them the confidence level in the conclusion? OK, so that means most of the EAL's mean: don't trust the conclusions. And yet the agencies think: EAL = secure. They don't get that. They don't understand that the EAL score is just a "only trust this conclusion X percent", they think its a score of how secure a product is. Its a failure for that reason alone. The NIAP just sends the wrong message to the agencies.

Tubg,irl (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17685012)

paper towel5, [goat.cx]

No one cares about Diebold anymore (0)

Anonymous Coward | more than 7 years ago | (#17689378)

It was Democrat demagoguery all along. Now that the Democrats swept 2006, electronic voting is the perfect embodiment of the "the will of the voter"!

If anyone stood up and said: "Pelosi, Reid and Dean stole the election!" they'd be escorted to the looney bin, where all the faithful of President Gore belonged in 2000.

Maybe someone could help me understand... (1)

Monoliath (738369) | more than 7 years ago | (#17689414)

...what in the hell is so god damn hard about making sure that a device records a selection that a user makes via a touch screen? What the hell about certifying that process needs to be kept as a 'trade secret'?

This is all a bunch of media-spin garbage to get people to buy into blackbox voting, which (and I apologize for my arrogance) anyone with half a brain should see, is a horrible idea.

As far as me and my tax dollars are concerned, all voting software should be open, methods transparent and certification records to be made public. There should be [b]NO PRIVATIZATION of ANY ASPECT of our DEMOCRATIC ELECTORAL PROCESS, EVER, FOR ANY REASON![/b]

This isn't rocket science and never has been, our current moronic whitehouse administration just wants you to think so.

It's just like the whole 'hanging chad' crap, it's just a distraction from what really needs to be done and shown.

1 for you, 2 for me! (1)

sciop101 (583286) | more than 7 years ago | (#17693200)

"Tallying can be corrupt with no voter noticing."

The fair voting system favors the winner.

I mean, the fair voting system disfavors the loser.

LET'S HANG CHAD AGAIN!

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?