Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Crack Every Certified CA Voting Machine

Zonk posted more than 7 years ago | from the perhaps-we-should-use-stone-tablets dept.

Security 154

ewhac writes "The San Francisco Chronicle is reporting that computer security researchers throughout the University of California system managed to crack the security on every voting machine they tested that has been approved for use in the state. The researchers are unwilling to say how vulnerable the machines are, as the tests were conducted in an environment highly advantageous to the testers. They had complete access to the devices' source code and unlimited time to try and crack the machines. No malicious code was found in any of the machines, but Matt Bishop, who led the team from UC Davis, was surprised by the weakness of the security measures employed. The tests were ordered by Secretary of State Debra Bowen, who has until Friday of next week to decide whether to decertify any of the machines for use in the upcoming Presidential primary election."

Sorry! There are no comments related to the filter you selected.

And the problem with paper was? (4, Insightful)

seanadams.com (463190) | more than 7 years ago | (#20021749)

So before, the only people who probably knew how to crack these would have been the people who designed them, plus whoever else had access to the source code, plus probably a whole bunch of administrators who would have access to the data files during the election.

Now, as if that's not bad enough, in addition to all of them we have a whole team of hackers who have proven that they know SPECIFICALLY how to do it. And by the way, they hacked both the voting machines themselves AND the back-end remote machines that do the tabulating.

And those facts are all public knowledge now!

So if these machines were merely "ridiculously" insecure to begin with, now they're just split wide open like a dvda. Yay democracy. What exactly does Ms Bowen need until next Friday to fucking think about?

And please, can we quit calling them "computer security researchers"? What's wrong with hackers? When did we start on the euphemism treadmill [wikipedia.org] ?

Re:And the problem with paper was? (4, Insightful)

Lockejaw (955650) | more than 7 years ago | (#20021905)

And please, can we quit calling them "computer security researchers"? What's wrong with hackers? When did we start on the euphemism treadmill?
When the media decided that a "hacker" is someone who secretly breaks into your computer and fills it full of spam and child porn. So we needed a word for people who break into computers without being secretive about it and don't fill it with bad stuff.

Re:And the problem with paper was? (1)

abigsmurf (919188) | more than 7 years ago | (#20022029)

If you're going to be pedantic on the hack/security researcher issue then it's worth mentioning that a hacker actually means any coder. A cracker is the correct word for the common use of hacker.

Re:And the problem with paper was? (0)

Anonymous Coward | more than 7 years ago | (#20022059)

Yes. I think we should start using the word cracker for all the white-hat hackers. Media should pick it up in no time and after a while we might get the word hacker back.

Re:And the problem with paper was? (1)

cheater512 (783349) | more than 7 years ago | (#20022583)

A hacker is a particulary gifted programmer, not any random programmer you find on the street.

Better to be decertifier than certifier. (1, Interesting)

Anonymous Coward | more than 7 years ago | (#20022759)

The decertifier always has more authority than the certifier is the weakness of the certification is demonstrated.

The decertifier can retire the certifier's licence and suspend the enterprise's certification.

Hacking??? (5, Insightful)

cluckshot (658931) | more than 7 years ago | (#20023341)

Since I have on my computer the software for many of the major voting machine companies and I worked reviewing it for one of our big US States, (Not California) I might have a thing or two to say on the issue.

The first thing to understand is that the audits under the voluntary national standard for voting machine software do nothing about securing a ballot. The next thing to understand is that the public authorities don't want secure software on voting machines. -As politely as it can be said- Who in the hell do you think steals elections? --- Not the voters I can assure you! It is election officials. Next you have to understand that the purpose of modern voting machines isn't to prevent errors, it is to eliminate any evidence that they happened. Next you have to understand that some company or another wants to sell all the machines to run the election and that they don't want the election officials to be able to buy machines by another brand without having to go to the cost of ripping out the entire system by its roots and halting the whole world. In short they want to hold the political agents hostage to their company and make them pay through the nose on every election. How else does a scanner machine which might be worth $200 become a machine worth $30,000?

Now that we have identified the motives in play here and there may be a few more nasty habits around like companies wanting to control political events..... Lets get down to the brass tacks here! Any election system worth anything should have some of the following attributes and possibly some more.

(1) It must be machine independent. So that any device that fails can be easily replaced.

(2) It must be transparent in its software where anyone can see the code and see that it does what it says.

(3) It must be receipt based where it can be checked by additional 3rd party methods. Recounting must be possible and not just memory buffer checks.

(4) It should be isolated from external attack only reporting via network and protected from intrusion by device isolation. This means no USB drives and no standard internet connections etc.

(5) It must be custody of data prevented from having the political authorities being able to destroy the evidence of an election fraud.

Making elections report totals quickly accurately and with receipts and such is no problem. Technically this is very easy. I probably could write in a few days the structure and code it in a matter of months myself. I would get nowhere because the political leaders would find their methodology of stealing elections in great trouble. Unless the voters rise up and get really angry on this one, expect the development of a silent dictatorship in which you hold elections and keep on loosing to the powers that be. (Maybe it already is here????)

Mod Parent Up (2, Informative)

mad.frog (525085) | more than 7 years ago | (#20023617)

This is a valid comment, but is modded into oblivion for some reason...

Re:Mod Parent Up/yes do it (0)

Anonymous Coward | more than 7 years ago | (#20023951)

my guess is paid off jerk government shills did the down modding on behalf of their "superior beings" under orders from loftier heights. Can't have the rabble knowing about how they are being manipulated all the time, might cut into profits!

Re:And the problem with paper was? (1)

adrianbaugh (696007) | more than 7 years ago | (#20023545)

"white hats" uses less electronic paper than "computer security researchers" though. Obliterate nugatory verbiage.

Re:And the problem with paper was? (1)

jez9999 (618189) | more than 7 years ago | (#20021941)

What exactly does Ms Bowen need until next Friday to fucking think about?

Perhaps they can now modify the sourcecode to make it secure?

And please, can we quit calling them "computer security researchers"? What's wrong with hackers?

In popular culture, the word hacker has become a euphamism for 'black-hat hacker'. They need to indicate that these guys are white-hats.

Re:And the problem with paper was? (1)

TapeCutter (624760) | more than 7 years ago | (#20021995)

"What exactly does Ms Bowen need until next Friday to fucking think about?"

An excuse. /ducks

Re:And the problem with paper was? (2, Informative)

tjkslashdot (809901) | more than 7 years ago | (#20022095)

And please, can we quit calling them "computer security researchers"?
Well, Matt Bishop [ucdavis.edu] is actually a "computer security researcher" with a PhD, papers, and books to prove it. And the first sentence of the friendly article actually did use your coveted term.

Re:And the problem with paper was? (1)

SamSim (630795) | more than 7 years ago | (#20022359)

Quiet, quiet! If we play this right, we can make it so the grand masters of the future of humanity are its technological elite! Which was the plan all along!

Re:And the problem with paper was? (1)

iminplaya (723125) | more than 7 years ago | (#20022429)

When did we start on the euphemism treadmill?

Probably around the time somebody complained about "master/slave [snopes.com] " drive setups.

Re:And the problem with paper was? (1)

funkatron (912521) | more than 7 years ago | (#20022451)

So thats why they invented SATA

Fraud (3, Insightful)

WindBourne (631190) | more than 7 years ago | (#20022789)

Paper elections can and has been taken over. I am not so sure at this time if any in the USA are, but Texas, Florida, and Chicago had a LONG TIME well deserved voting fraud issues. That is why EVERY box has 2 or more ppl going over the vote, with each person coming from 1 of the 2 major parties (interestingly, they are not required to have a person from all parties that are running candidates, just from the major parties). The current elections since 2000 (probably before), have shown how easy it is for general election fraud. In particular, in Florida, the gov. was not allowing votes from anybody with the same name as criminals in high democrat counties only. In ohio, they had 3 ppl (democrats) certify an election by picking certain boxes, counting them before hand, and then using those for their "random" tests. They were suppose to pick a number of random boxes and check their results as well the count. They just did not feel like doing it.

There are VERY good reasons for going to computers. Sadly, not only has the computers obviously not been designed and built well, but the vetting process in nearly all states has left a LOT to be desired. In nearly all cases, the groups have been willing to accept systems that several major companies thrust on us. What fascinated me, and should have been of interest to all the groups, is that NONE of these major machines wanted back-up paper system added in. In ALL cases, it would be their paper (i.e. get to gouge), and of course, they would be required to have somebody around to handle things (at least at the county level). This would be a recurring revenue stream for them. And yet, they fought it esp. diebold. That should be making ALL of those groups nervous, and instead it takes a judge to be looking at this issue.

The computer systems ARE the right idea. The choice and implementation have been disasters. Welcome to Amerika.

Re:Fraud (1)

Zironic (1112127) | more than 7 years ago | (#20023197)

In Sweden we have 5 people for every 3 (sometimes 4) voting boxes who are supposed to be party neutral (no one asks your party affiliation). The only issues we've ever had with voting fraud is when representatives of parties have gone to people that can't go to the voting locale (elderly and disabled) and tried to coerce them into voting for their party sometimes only providing the ballot of their own party.

In the voting locale we have a list over everyone legible to vote in our boxes (around 1000 people for every 3-4 boxes) and there is no risk with confusing people with the same name as a non legible voter since we go by birth date+number YY-MM-DD-NNNN instead of names for identification.

I fail to see the benefit of an insecure computer system compared to hand voting.

Re:Fraud (1)

mithras invictus (1084169) | more than 7 years ago | (#20023229)

The problem with that is that election fraud with paper votes is either reduced to a very small number of votes or needs a dangerously large group of conspirators. With computer voting a small number of people (less chance to be caught) can have a huge effect on an election. Traditional voting has several safeguards built in which also enable a recount if foul play is suspected. I agree that a fictional well designed voting machines could be an option, but we need to get it right before they are deployed.

Re:And the problem with paper was? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#20022933)

Well, the only rational thing to do is to de-certify the machines, and issue a temporary operating permit. Then issue orders that will detect IF tampering occurred.

Next you need to find the fools who selected these machines and punish them , make their certifications public, thereby ruining reputations of people who did a very poor job.

Australia and some other foreign countries DO have working voting software, loaded with many checksums and hashes, so that IF there was a fiddle, you can 'play back' the transactions, and detect something is wrong.

Very hard to believe American stuff that calls a bunch of VB calling Excel routines with a front dressing passed muster, let alone USB ports with autoplay switched on.

Security through obscurity? (2, Insightful)

mithras invictus (1084169) | more than 7 years ago | (#20023133)

How could this have been modded "insightful"?

Aren't you glad it is public knowledge now how rediculously insecure those machines are? These machines should never have been used and the people you call "hackers" have done what the government should have done BEFORE using them for black-box voting.
Are you advocating security though obscurity where the safety of the democratic process depends on a small group of people we trust not to abuse their position? I'd much rather have a verifiable solution.

I say someone in the government is finally doing the right thing here.

Re:Security through obscurity? (1)

seanadams.com (463190) | more than 7 years ago | (#20024169)

Aren't you glad it is public knowledge now how rediculously insecure those machines are?

Of course I am! What on earth gave you the idea that I was complaining about the machines being proven insecure? The point is that whereas before, one might have tried to dismiss hackability of the machiens as speculation, now there is no excuse for _anyone_ to allow them to be used. Perhaps the tone of my comment was lost on you?

Re:And the problem with paper was? (1)

Aredridel (93503) | more than 7 years ago | (#20023575)

Actually, they're computer security researchers.

Think "Masters of Computer Security" as a degree. Yes, UC Davis has a program for this.

Re:And the problem with paper was? (1)

cpeikert (9457) | more than 7 years ago | (#20024295)

And please, can we quit calling them "computer security researchers"?

We can't in this case because these people really are computer security researchers. They are top academics from strong institutions.

Ooh, Shiney! (3, Insightful)

pipingguy (566974) | more than 7 years ago | (#20021755)

If voting is the core of a democracy then the transparency of the process MUST be paramount. Chuck out the whole concept of voting if average citizens have to understand and correctly interpret the latest whiz-bang technology.

Re:Ooh, Shiney! (3, Insightful)

fl!ptop (902193) | more than 7 years ago | (#20021815)

Chuck out the whole concept of voting if average citizens have to understand and correctly interpret the latest whiz-bang technology
i'm not sure the average citizens need to understand more than 'press here for candidate a', 'press here for candidate b' (obvious side-discussion regarding knowledge empowering voters to select better candidates avoided here), but those who make decisions about what procedures and machines are used to ensure the votes are tallied fairly have to consider it. poll workers are volunteers, have direct access to the machines, and are probably the weakest point of resistance to those who are truly motivated to throw an election, for reasons that are nefarious or otherwise.

Re:Ooh, Shiney! (1)

Alien Being (18488) | more than 7 years ago | (#20022111)

"...but those who make decisions about what procedures and machines are used to ensure the votes are tallied fairly have to consider it"

But how will we choose the people to make those decisions? How will we know that we really had freedom of choice?

Re:Ooh, Shiney! (4, Insightful)

rbarreira (836272) | more than 7 years ago | (#20021963)

Winston Churchill has the solution:

The best argument against democracy is a five minute conversation with the average voter. -- Winston Churchill.

Re:Ooh, Shiney! (1)

zippthorne (748122) | more than 7 years ago | (#20023151)

It is true that Churchill was not fond of Democracy. But, to be fair, he hated it slightly less than all other forms of government.

Re:Ooh, Shiney! (1)

Pyrrhic Diarrhea (1061530) | more than 7 years ago | (#20023211)

Did he not also say something to the effect of 'Democracy is the worst form of government, except for all the others'?

Re:Ooh, Shiney! (1)

JesseMcDonald (536341) | more than 7 years ago | (#20023981)

Did he not also say something to the effect of 'Democracy is the worst form of government, except for all the others'?

Yes, which leads us directly to the obvious solution: no government at all.

Re:Ooh, Shiney! (1)

SCHecklerX (229973) | more than 7 years ago | (#20022099)

That's exactly the problem that I have with electronic voting. Sure, you or I may be able to comfortably 'certify' an electronic process, but what about those not in the field? And make no mistake, the entire *PROCESS* is also important, not just the way the votes are cast.

Citizens should feel confident that they know what is going on when tney 'pull the lever' If they do not, then the voting method is flawed.

With paper, there's less chance for confusion if the ballots and method to cast the vote are designed properly (no 'hanging chads'). The voter can see the 'technology' and how it is working. Not so with a touch screen on a magic box.

I was very uncomfortable with the electronic voting that occured here last election. I was given an RFID card which I used to identify myself to the machine and then returned that card when done. No idea WTF was going on or if my ID was stolen or anything.

Re:Ooh, Shiney! (0)

Anonymous Coward | more than 7 years ago | (#20024309)

Kids these days, I tell you! Why, back in my day, we didn't need all this new-fangled technogeek machinery to hack a vote. All we needed were paper ballots and some hanging chads. We didn't have all these tubes and enternets. Why don't you people learn to take a file and shave the little cigar punch they use to pin the tail on the lil' blue donkey or bribe their local mayor with an old myspace photo. Wait.. back then we didn't have my... oh nvm.

What's wrong with paper? (4, Insightful)

fastest fascist (1086001) | more than 7 years ago | (#20021797)

Considering how strong the push for voting machines is, you'd think there's something terribly wrong with paper ballots. What is it? To me, they seem to work fine, and knowing the system for counting the votes doesn't let you compromise the impartiality of the system. What benefit do these voting machines offer that justifies the risks?

Re:What's wrong with paper? (1)

Baricom (763970) | more than 7 years ago | (#20021841)

Paper is too slow.

That's no justification in the real world, but unfortunately that is a perfectly logical reason to move to electronic balloting for most people.

Re:What's wrong with paper? (4, Interesting)

Elemenope (905108) | more than 7 years ago | (#20021843)

The problem with paper is...it's slow. Don't get me wrong, I don't see that as a problem; I am of the school of thought that it is no disadvantage to take a week or so to count ballots by hand. However, the public has an expectation (cultivated as it has been by TV media, mostly) that elections are to be decided ASAP. I don't know how to ween folks off of such an expectation, esp. since there is a profit motive in minute-by-minute coverage. It is hard in the Internet age to get people to understand why everything can't be as fast as a Google search.

I'm not crazy about exit polls, either, though if done accurately enough (i.e. large enough sample sizes, unbiased methodology) should be able to provide a good indication of results quickly even with a paper ballot system.

I'm completely spitballing here, but I imagine that psychologically the image of a computer as the instrument of an election is more reassuring to people (who, by and large, use computers for many routine tasks) than paper, which conjures notions of impermanence and fragility and a history of "stuffed ballot boxes" and other shenanigans; while computers in reality may be more vulnerable to such shenanigans, they do not as easily lend to such an image, and so combined with their inner mysterious mechanics, they are more easily trusted. People, scarred by the disintegrating trustworthiness of their government, desperately want some part of the political process to place their faith in.

Re:What's wrong with paper? (3, Insightful)

fastest fascist (1086001) | more than 7 years ago | (#20021917)

Hm, well, to do the old "over-here-they-do-it-better", over here ballots are counted manually, and the results after a nationwide vote are available withing a few hours of the closing of polls. While I live in a much smalled country than the USA is, I don't think the percentage of people who vote is any higher over there, and thus the amount of vote counters required per capita shouldn't be, either. If it takes weeks, hire more people, or perhaps people who can count, if that is the problem.

Re:What's wrong with paper? (1)

Zironic (1112127) | more than 7 years ago | (#20022063)

Here in Sweden we just divide all voters up into groups of around 1000 people each, all of these go to the same place to vote and around 5 people count all the votes. All votes are counted around 8 hours after closing. If it takes you weeks to count the votes you're doing something seriously wrong.

Our voting ballots are rather simple. There is a different color for each party and each party has a list of candidates. You just mark the candidate you vote for or no mark for the default candidate (1). The vote is invalid if you mark more then once candidate.

Technically we only count the party votes during the election and the central office counts the candidate votes which might take a week.

Re:What's wrong with paper? (1)

Splab (574204) | more than 7 years ago | (#20022695)

Same here in Denmark. The problem in the states is first of all that the news agencies has the attention span of a confused kitten (and same goes for a lot of the American people (no offense)), so they need the result fast so they can get back to fighting terrorism and screwing up the environment. The other part of the problem is that unlike us they tend to vote for a lot of stuff at the same time, so the ballots gets confusing and apparently they seem to think that using electronic voting machines help there (correct solution is to do what we do and hold an election every other year alternating between the state stuff and the local stuff).

Re:What's wrong with paper? (1)

Elemenope (905108) | more than 7 years ago | (#20022715)

One salient difference is that here in the US ballots tend not to be simple; we have elections for local, state, and national offices on the same ballot, plus local and state ballot inquiries and referendum questions in many localities. So I don't think it is quite as easy to tabulate as the Swedish ballot you describe. However, even if our ballot wouldn't take hours to tabulate, I can't imagine it would take more than a day or two.

Re:What's wrong with paper? (1)

Zironic (1112127) | more than 7 years ago | (#20023111)

We actually have the same thing.

One vote for the local (Komun)
Then one for the regional (Län)
Then lastly for the country (Stat)

Also we sometimes add a fourth for a local issue.

Still only takes hours to figure out what party won and then a few days to calculate what candidates got seats.

Re:What's wrong with paper? (1)

Elemenope (905108) | more than 7 years ago | (#20023533)

Ahh. Party discipline and party loyalty are quite weak in the US compared to most parliamentary democracies. This is due in great part to the fact that in the US, we don't have party slate elections. The shortcuts that that would allow via counting are thus not available to us. As such, our time-table would probably be closer to the few days than the few hours. Either way, I don't see the big deal in waiting.

Re:What's wrong with paper? (1)

zotz (3951) | more than 7 years ago | (#20023125)

Put the presidential and congressional races on one ballot, the rest on another if you like.

You could even have, national, state, local, and special ballots.

Count national first.

What is the maximum number of choices you guys need to make for a national election with no special votes?

all the best,

drew

Re:What's wrong with paper? (1)

Elemenope (905108) | more than 7 years ago | (#20023585)

A decent idea. At most three offices are up for national election in any given district (with extremely rare exceptions where some states have at-large house representatives), President/Vice-President (elected on a unified ticket), one Senator (66% chance), and one House Rep.

Re:What's wrong with paper? (1)

AI0867 (868277) | more than 7 years ago | (#20023721)

There's a really simple solution to that: use different ballots for different elections, that's how we do it in the Netherlands.

Re:What's wrong with paper? (0)

Anonymous Coward | more than 7 years ago | (#20023285)

>Here in Sweden

When Sweden consists of 51 independent governments, has a population of 300 million, grows to nine million km^2, let us know how your system works out.

Re:What's wrong with paper? (1)

Lally Singh (3427) | more than 7 years ago | (#20022145)

Frankly, it's like any other technological solution.

    Right now, it's riddled with more trouble than it's worth. It'll have lots of public failures. But, each failure will lead to an improvement, and eventually it's pretty decent.

    The problem most have with electronic ballots is the threat of indetectable corruption. But how much corruption do we have in paper ballot systems? Considering the cost of the counting process, we can't really use the paper trail very often. Instead, we're stuck with believing what we're told by a bunch of typically very-partisan political appointees or politicians.

    It's not news when someone hacks into a box full of paper slips -- any jackass can do it. That bothers me a lot more than a team of researchers with a ballot box at home with full source code.

    Electronic voting could let us all download an anonymized list of votes, and we can verify them ourselves. Cryptography could prove very useful here -- let each citizen verify that the national tally includes their vote correctly, and implement some safeguards* to make sure that there aren't any fake votes.

Computers could be used to *secure* democracy. Probably better than any other time in human history.

* E.g. have certainty in the number of votes in each area, or randomly audit votes (meaning ask that those voters affirm that those were their selections), etc.

Re:What's wrong with paper? (1)

phantomlord (38815) | more than 7 years ago | (#20022651)

Cryptography could prove very useful here -- let each citizen verify that the national tally includes their vote correctly
Or let your abusive spouse, domineering parent (don't tell me there aren't any 18 year olds in high school who have a parent telling them how they have to vote if they want their college money or even a 25 year old living in his parents' basement who better vote a certain way or he'll get kicked out), employer, etc verify that you voted the way they told you "or else." The minute you can prove you voted a certain way once you leave the polls, you open yourself up to all kinds of problems. Verification should happen before you leave, preferably while you're still alone in the booth.

Re:What's wrong with paper? (1)

nicklott (533496) | more than 7 years ago | (#20022333)

In a UK general election all votes are paper and counted by hand and unless there's a recount the results are are always available within 12 hours (and normally much quicker). ie polling closes at 10pm and when you wake up the next day the results are known. I can't see any reason to need the results quicker than that.

If it takes a week they need to either employ more counters (they're unpaid volunteers in the UK AFAIK) or re-examine their methods.

Re:What's wrong with paper? (1)

akelian (235699) | more than 7 years ago | (#20022701)

Paper does not need to be slow. In my country (Chile) and, I suppose, several other Thrid World countries, the voting is very well organized, and you can have the results at night, only hours after voting started.

It's only matter of organization.

Re:What's wrong with paper? (1)

bmo (77928) | more than 7 years ago | (#20023249)

"The problem with paper is...it's slow"

Substituting efficiency accuracy and security solves _no_ problems when it comes to democracy.

Instead, it creates problems.

Besides, what the fuck is wrong with scantron style sheets?

--
BMO

Re:What's wrong with paper? (2, Insightful)

fl!ptop (902193) | more than 7 years ago | (#20021863)

What benefit do these voting machines offer that justifies the risks?

the push (in the u.s.) for electronic voting machines seems to have been made after the 2000 election recount fiasco. need i mention the words, "hanging chad?" i don't think you can have one of those with an electronic machine. besides, paper ballots are easy to invalidate. remember the pictures on the news of people holding them up to the light, and others handling stacks of paper ballots? one small wire shoved through a stack like that can cause an 'overvote' which would invalidate all of them.

i would guess the main benefits are, in a recount scenario, to prevent having hundreds of people handle paper ballots. the avenues of interpretation are too numerous (hanging chads, pregnant chads, swinging chads, etc.) with paper. with a computer, there is no doubt, it's either a 0 or a 1.

Re:What's wrong with paper? (1)

fastest fascist (1086001) | more than 7 years ago | (#20021887)

I don't remember, actually, since I'm not a US resident. Over here, the ballots are simpler: There's a circle and you write the number of your candidate in it. Then the votes are counted manually.

Re:What's wrong with paper? (1)

rbarreira (836272) | more than 7 years ago | (#20022071)

Bullshit. There are already solutions to those problems you mentioned about paper ballots. Recounting, safes, locks, policemen, parties having representatives at each voting booth and who are present at the counting process.

With software, you're relying on things which:

a) are not known by many people - computer security is a very non-mainstream subject and will likely remain so for many many years
b) are easy to change without a trace
c) you need to trust the machines about. You can't change reality as easily as you can change software.

Re:What's wrong with paper? (4, Insightful)

TapeCutter (624760) | more than 7 years ago | (#20022361)

"with a computer, there is no doubt, it's either a 0 or a 1." - Maybe I'm feeding a troll but here goes anyway...

Speaking as degree qualified programmer with 20yrs experience, I don't trust the machines and TFA clearly demonstrates why.

My number one reason for distrusting computerised systems is that they enable "wholesale fraud" with a single point attack, it might be "unlikely" but it is a technical possibility that the result of the whole election could be predetermined and the "race fix" can be implemented by one person sitting at a desk. Worse still it's a technical possibility that a "fix" can be done in such a way that it is undetectable after the fact.

Contrast that risk with old-fashioned paper and international observers. With that system the best a cheat can hope for is "retail fraud" - some stuffed boxes over here, the senator's hound dogs voting over there, ect. Fraud and corruption are a fact of life, nowhere on the planet can they be totally eliminated from such high stakes "games" as national elections.

The traditional paper system with it's well-known and thouroughly tested procedures minimizes the risk of a "fixed race" simply because of the fact that it is much more difficult and requires a hell of a lot more people to get away with "wholesale fraud". Speed is not a big issue since there are plenty of counters in the form of eager voulenteers from the various parties. And it's crucial to security that you pair off "opposing counters" since they also embody the imporatnt "checks and balances" of watching each other like hawks and arguing so loudly about something as mundane as "hanging chads" that even I remeber it and I live 10,000 miles away!

Re:What's wrong with paper? (1)

pjt33 (739471) | more than 7 years ago | (#20022515)

That's not a problem with paper voting per se, but with the implementation of it adopted by some (all?) U.S. states. What was the problem with paper-and-pencil voting which punch machines were supposed to fix?

Re:What's wrong with paper? (1)

Neuronwelder (990842) | more than 7 years ago | (#20021975)

Amen! Today you can walk into any bank and see we have automated money counters that can count money quickly. Why not the same for the paper on voting machines?? Some bright Engineer could do this. Sigh.. Good friendly practical Engineering seems to be dead these days.

Paper ballots are even MORE insecure... (3, Informative)

hummassa (157160) | more than 7 years ago | (#20021989)

Paper ballots are falsifiable. You can easily stuff/switch paper ballots. The security in an election process, electronic or otherwise, is in the process itself. If the machines are tested, and their state is always checked by parties' officials before the election begins, they are as safe as paper ballots that are sealed by said parties' officials -- with the advantage that you know the results quicker, with less opportunity to magic tricks. Of course it helps having more than one (or two) parties. Oh, and it also helps if you have a single data interchange standard for the whole country.
I have a post from three years ago (#8944789 [slashdot.org] ) detailing how stuff works here in Brasil, for your entertainment:

Oh, yes, I will repeat myself over and over...
by hummassa (157160) on 2004.04.22 20:06 (#8944789)

Till these topics die.

I live in Brasil. We have had voting machines in the last 12-14 years (yes, twelve to fourteen -- it depends the size of the city you are in). Brazilians here: the first election here in Belo Horizonte to use the machines were the mayoral (and city council, state representation, governor, house and senate) before FHC was elected (as I count it, 2 years + 8 years + 1 1/2 = 11,5 years). I know it, because I was "mesário" (election "table" official? election "clerk"? what is a good English translation?) in the previous election, and in the two subsequent elections. IIRC, there were electronic ballot boxes in Rio and Sao Paulo in the election before that (the only two cities larger than Belo Horizonte).

Our voting machines are mainly of three different (internally) models: (a) the old ones, that use VirtuOS (*) as the OS, (b) the new ones, that use WinCE as the OS, and (c) the newest and deprecated ones that have the second printer to print your vote, show it to you inside a clear acrilic case, and mix it with others inside the machine.

Externally, all of them look roughly the same: a box similar to the old "portable computers" of the eighties, with a 5-6" diagonal LCD and a big numerical keypad in the right side of the screen, that has, besides the 0-9 keys, "confirma" (ok), "erro" (cancel), and "branco" (white).

The electoral process (from the point of view of the voter) begins ... when you get your first job. If you are a mandatory voter (literate person from 18 to 65) you have to go to Electoral Court and register to vote. In the process of registering, you receive the "Título de Eleitor" (voter id), in which you have the number of you voting section. To change jobs, and specially to get a government job, you have to prove you are a registered and regularized voter (you voted in the last election, or regularized your voting situation after it).

In the election day, you scan the newspapers (or the Superior Electoral Court website), search for the address of your section, and go there. No, there is no transit vote, you can only vote at that address. If you can't get there, you'll have to "justify" your absence.

At the section, you will present your voter id to one the "mesários", and if you don't have it on you, you can still vote (you can show other valid id), but will be delayed. The mesário will search for your name in the vote-ticket sheet, and annex it to your id while you vote. You will sign a receipt in a sheet, and proceed to the voting "booth". Another "mesário" will type your voter id # in a remotely connected keypad, setting the machine in the "ready to vote" mode.

The voting "booth" is really only a desk with the voting machine over it, facing nobody else in the room, and sometimes with a cardboard "cover" around it. You will "dial" the numbers of the candidates, in order. when you dial all the digits of one candidate, a star-trek-like chime rings, his/her face will show up in the screen, and if you digited it right, you hit "ok". otherwise, you hit "cancel" and start over. After typing all the candidates, you hit "ok" one last time, the machine chimes again, and goes to "stand by" mode. You have voted. If you don't want to vote for nobody, you can hit "white" instead of the candidate ## (accounted as a "white vote", or "none of the above" -- this is the equivalent of putting your paper ballot in the box without marking anything), or if you really want to protest you can type 9999 or other non-existent-candidate-#, and your vote will be accounted as a "null vote", or "I'm really pissed of" (the equivalent of drawing pictures or writing "improper expletives" in a paper ballot)

Then, you get your id back, your ticket (keep it together with your voter id!!), and you go home. Ah, bars do not open (theoretically) in the election day, so hope you have bought your beer in the day before).

From the point of view of election officials, things are more complicated. The machines arrive to the Electoral Judge (yes, a Judge of Law) pre-prepared one to two months before the election day, along with boxes of diskettes (where the results will go) and Flash ROMS (where the software will go). All Electoral Judge Offices alread have Flash readers (writers? they don't tell us).

The electoral Judge has the personal responsability of, in this time, testing *ALL* of the machines and checking their Flashes with some checking software. He has to emit the "zerésima" (0th report), that is a report saying "this box has no votes on it", make some votes, close the box, emit the totalling report, check if those were the votes, and sign the machine as "ok" in a list. He should do it more than once for some machines. He can delegate some of the work, but it's his responsability.

In the evening of the election day, he must make sure the clocks are ok for all of the machines.

In the election day, the "mesários" in each section must emit the 0th report, annex it to the official election papers, and the box is ready to be used. At the end of the election day, the "mesários" emit 6 or more copies of the totalling report for each box. Three of them go with the official election papers, one is affixed in the outside of the section, and the others go to party appointed officials. Some electoral judges appoint press members to receive them, too.

The totalling is already in a diskette, that is inside a sealed compartment in the box. Some Electoral Judge Office employee breaks this seal (marking he's done so), and the diskettes are read in a computer in the Office, their contents (probably signed cryptographically) sent to the Regional Electoral Court, where they are processed against all other ballot boxes.

I should say, at this point, that all of this is accompanied by the Electoral Judge and the District Attorney, which are not elected officials in Brasil, and the elected officials have no power over them. Or at least, should not have.

The press and the party officials all have the intermediate per-box results, immediately after the election closed, so they can do the math, too. And they do -- in small towns the result of the election is known far before the official announcement, because people sum the per-box results by hand, instead of waiting for the Big Computer at the Regional Court add for them.

Quoting (mis-quoting?) Gangs of New York, "ballots do not win elections -- counting does!", the counting/summing part is verifiable.

At this point, I should say I consider our system very very reliable, because of the distributed nature of the checkings that are done in the machines. I have worked at a District Attorney's office, and the fiscalization of the procedures to be done to the machine by the Electoral Judge was partly delegated to me, so I know what I'm talking about. The Judges and their guys usually fiddle with the clock, make a lot of votes, and thoroughly check the machines before they are used. This is taken very seriously.

Even in the few instances where it's not done so seriously, the overall bad effect is not great. Yes, it should be relatively easy to rig a mayoral election in a small town (100 machines or less -- each machine in the range from 500-10000 voters) -- but just with the DA's and the Judge's help. And they won't help, normally they have nothing in it for them. But I think impossible the effort to rig, p.ex., an election like our last presidential one -- and, to boot, won by the opposition party.

You must notice that this is only allowed by our unified electoral system. The voter database is also a single one and it's very difficult to vote twice or more in our system.

I think the electronic system is better than the paper-ballots one (at least here in Brasil, but probably everywere) because counting ballot papers is hard, slow, error- and fraud-prone and no-one wants to recount them. It's easier, in my opinion, to rig some pre-printed million paper ballots and distribute them in a lot of ballot boxes than to distribute a million swing votes in 1000 machines.

I think the snafu in the last USofA election is really due to few people watching the counts, etc. Our multi-party (c. 20-30 parties now, but there were 50 at some point in the 90's) system makes every count/recount have at least 100 party officials doing the same. The voting machines were reasonably scrutinized by party-appointed experts.

Yes, paper trail (now deprecated here) is good, but only if you have a good, OCR-like way of counting the paper ballots. This is expensive. Our paper-trail machines had a second (thermal?) printer, that printed your vote and displayed it inside a clear plastic case before it was dropped in a box inside the machine, all sealed. But... as I said before, who is gonna recount them? It's easier to trust the distributed nature of the election and the audits made by the parties officials. If the paper trail were made in big, OCR-able letters, or with some bar-code, the tickets would have to be fixed-size, bigger than they were, and more expensive, in general.

(*) a DOS-clone-enhanced with possibility of multitasking and multiuser operation. a nice system, and it was always far better than MS-DOS.

Re:What's wrong with paper? (2, Funny)

symbolic (11752) | more than 7 years ago | (#20021993)

I heard it was something about some dude named Chad that liked hanging around during the election, making it difficult to determine what people were voting for. This guy's kind of strange, too- rumor has it that he occasionally gets pregnant from voting machines that malfunction. I'm guessing that the move to e-voting will give this guy a much-needed break.

Voting machines (2, Insightful)

saibot834 (1061528) | more than 7 years ago | (#20021827)

"Voting machines are the non-solution of a non-existing problem" (not my quote, I heard it somewhere).

The quote is completely right.
a) What is wrong with pen&paper voting?
b) Voting machines do not solve any problems: If we say for example a) was about the money: Voting machines cost all-in-all more money than pen&paper voting.

Not true! (4, Funny)

rbarreira (836272) | more than 7 years ago | (#20022051)

That's not true! Voting machines are the solution to the existing problem of "how to make sure one is elected".

Re:Voting machines (1)

Volante3192 (953645) | more than 7 years ago | (#20022295)

Electronic voting machines have their purpose but it shouldn't be to replace the pen & paper style, but rather to suppliment it. Perks of an electronic voting machine are to ensure privacy for voters who would prefer different languages or blind/disabled.

Sure, one can argue you can print out however many ballots you need in however many languages, but it's hard to judge how many you'll need, plus I wouldn't rely on having a translator available. With a voting machine, it's a simple matter of changing the display. As well, with blind or disabled, again, one could argue that they be allowed an assistant, but who can guarentee the assistant is trustworthy?

But this would be to augment the system; have a couple off to the side with the majority using durable cardstock. ...at least in my perfect system...

Re:Voting machines (1)

Alien Being (18488) | more than 7 years ago | (#20022341)

Voting machines are being deployed to solve two problems, fast tallying and security. They are not even close to perfect for either of them.

They fail at the speed problem because of technical issues on election day and because we often have to go back and try to determine if there were any technical issues.

They fail miserably at the security problem because many of them have been proven to be vulnerable and more importantly because the audit trail sucks. That's what gets me... the audit trail. How tough can it be? So what if the machine is a black box? Just let me see what comes out of it. I'm not just talking about a roll of paper being printed; I think the public needs to be able to see that his vote has been counted.

I'd like the option of getting a receipt when I vote. I think it could work like this:

Every ballot (paper or electronic) gets a unique identifier. When I submit my ballot, I provide an identifier of my own. The results look something like this:

ballot# voter's key vote

145 1234 stewer
637 9876 egger
942 1212 stewer

Everyone gets to look at the table, but only the person who cast the vote knows which one is his and he can confirm that it's his because it contains the key that he chose.

Re:Voting machines (1)

rbarreira (836272) | more than 7 years ago | (#20022809)

Voting machines are being deployed to solve two problems, fast tallying [...]


I really don't understand what fast tallying problem exists. In my country (Portugal), votes are counted by hand and the results come out the same day. Counting votes scales linearly with population size so all you need is the same percentage of people counting votes, is it that hard or slow?

Who needs to crack the system? (1)

ThePromenader (878501) | more than 7 years ago | (#20021833)

...it's more that likely those most interested in tweaking the system have already got the keys.

Link to SOS Site (5, Informative)

jellie (949898) | more than 7 years ago | (#20021849)

I'm surprised there's no link to Secretary of State Debra Bowen's site that includes all the analyses, CVs/resumes, and all other documentation regarding the top-to-bottom review:
http://www.sos.ca.gov/elections/elections_vsr.htm [ca.gov]

The overview by Matt Bishop is actually quite an interesting read. In it, he says that they could have found more problems with the three systems, but they were limited by time:

The short time allocated to this study has several implications. The key one is that the results presented in this study should be seen as a "lower bound"; all team members felt that they lacked sufficient time to conduct a thorough examination, and consequently may have missed other serious vulnerabilities.
In addition, he also cites the lack of proper information from the vendors as another problem.

It should also be noted that a fourth vendor, Election Systems and Software (ES&S) missed the deadline for submitting their systems for the review. I'll be cynical and just assume that they decided to skip the initial review than to have a bunch of computer researchers hack their systems.

Real Test is the Presidential Election (1)

BillGatesLoveChild (1046184) | more than 7 years ago | (#20021931)

They already used the census to make Jedi an official religion. Now add seriously insecure electronic voting machines, and we could wake up and find geeks have made George Lucas the next President. But I for one would welcome our new overlord. I'd like to see how a new Secretary of State Jar Jar Binks handles Iraq.

Re:Real Test is the Presidential Election (1)

ikkonoishi (674762) | more than 7 years ago | (#20022437)

But then we would have to issue all the marines radios and invisible guns. Plus all military vehicles would explode violently when hit by small arms fire.

Hmm... (1)

jez9999 (618189) | more than 7 years ago | (#20021937)

The tests were ordered by Secretary of State Debra Bowen, who has until Friday of next week to decide whether to decertify any of the machines for use in the upcoming Presidential primary election."

Looks like she won't need to decertify any, then. They'll all be able to deliver the Republicans the next election. :-P

So... (0, Flamebait)

kinocho (978177) | more than 7 years ago | (#20021939)

All things considered... that means those machines are PERFECT for a voting in US, right?

(Ok, now you can mod me down...)

Security is tough. (2, Insightful)

fishthegeek (943099) | more than 7 years ago | (#20021951)

The only secure machine is one that is OFF. If it isn't off then I'm always going to bet on the hacker. IANAP, but I feel very sorry for the challenges that programmers face. They have to review and analyze code for bugs, flaws, and features, they have bosses that demand profit and features. Those 1337 boys only need to find one flaw, the programmers have to find and fix all of them. I'm not surprised at all that all of the machines were cracked, given a high enough profile, the right conditions, and a motivated h4x0r any system is vulnerable.

Re:Security is tough. (1)

Umuri (897961) | more than 7 years ago | (#20022003)

Mod parent up.

I'm all for pointing out how insecure a machine is for voting, and that nothing was wrong with the old paper system, but he's really hit the nail on the head on how much we shouldn't really worry about this without more specifics.

Are they vulnerable only to someone who is there at the time of the vote toying with the machine?
Or is this something that can be triggered remotely or set up on time-delay.
Is it something that is easily detectable if we have people watching over the machines/running maintenance before/after elections.
How useful are these hacks in falsifying the backup system (paper) that some of these machines are supposed to be using, or do they just mess up the electronic data?

You can find a bug in almost any software.
Finding an exploitable bug that is useful and won't be easily detected is quite a bit harder.

Re:Security is tough. (0)

Anonymous Coward | more than 7 years ago | (#20022353)

I am a programmer (and on a head full of good acid right now it is great). And as to the challenge part, it isn

Move your ass guys (3, Informative)

rbarreira (836272) | more than 7 years ago | (#20021973)

Hey, do something for your country and humanity, send letters to your representatives or whatever you can do to stop this electronic voting madness. Posting on slashdot won't do much.

How did the election Official get his job? (4, Insightful)

chris_sawtell (10326) | more than 7 years ago | (#20021997)

From the article:-

Letting the hackers have the source codes, operating manuals and unlimited access to the voting machines "is like giving a burglar the keys to your house,'' said Steve Weir, clerk-recorder of Contra Costa County and head of the state Association of Clerks and Election Officials.
This is simply not true! The analogue in the real world of locks and keys is that you have given a burgler the design blueprints of the lock. NOT the code combination or the key lever settimgs. The demonstrated ignorance of the said Steve Weir about secure computing begs the question "How did he get appointed to his positions?"

Re:How did the election Official get his job? (1)

JamesRose (1062530) | more than 7 years ago | (#20022065)

It'll be a bit of a surprise to him the resutls then, he think he gave you the front door keys, and you just walked in a back door he didn't even know he had and tapped him on the shoulder.

Re:How did the election Official get his job? (0)

Anonymous Coward | more than 7 years ago | (#20022231)

hmmm how did he get his job? Maybe he got elected?? :o) Sorry guys couldnt help it

Re:How did the election Official get his job? (2, Informative)

martyb (196687) | more than 7 years ago | (#20022935)

From the article:-

Letting the hackers have the source codes, operating manuals and unlimited access to the voting machines "is like giving a burglar the keys to your house,'' said Steve Weir, clerk-recorder of Contra Costa County and head of the state Association of Clerks and Election Officials.
This is simply not true! The analogue in the real world of locks and keys is that you have given a burgler the design blueprints of the lock. NOT the code combination or the key lever settimgs. The demonstrated ignorance of the said Steve Weir about secure computing begs the question "How did he get appointed to his positions?"
This is directly responded to in the Overview of Red Team Reports [ca.gov] in section 3.1 (page 5): (NB: emphasis added.)

Finally, no security should ever rely solely on secrecy of defensive mechanisms and countermeasures. [2] While not publishing details of security mechanisms is perfectly acceptable as one security mechanism, it is perhaps the one most easily breached, especially in this age of widespread information dissemination. Worse, it provides a false sense of security. Dumpster diving, corporate espionage, outright bribery, and other techniques can discover secrets that companies and organizations wish to keep hidden; indeed, in many cases, organizations are unaware of their own leaking of information. A perhaps classic example occurred when lawyers for the DVD Copyright Control Association sued to prevent the release of code that would decipher any DVD movie file. They filed a declaration containing the source code of the algorithm. One day later, they asked the court to seal the declaration from public view--but the declaration had been posted to several Internet web sites, including one that had over 21,000 downloads of the declaration! [9] More recently, Fox News reported that information posing "a direct threat to U.S. troops ... was posted carelessly to file servers by government agencies and contractors, accessible to anyone online" [8], and thefts of credit card numbers and identities are reported weekly and growing in number. Thus, the statement that attackers could not replicate what red team testers do, because the red team testers have access to information that other attackers would not have, profoundly underestimates the ability and the knowledge of attackers, and profoundly overestimates the infallibility of organizations and human nature.

[2] This is often called "security through obscurity".

A shocking discovery! (1)

abigsmurf (919188) | more than 7 years ago | (#20022013)

Security researchers discovered a shocking flaw in the paper ballot system, they found that there were a number of flaws including one that said they could discount any number of votes just by saying the ballots were spoiled when counting! They also discovered that it was possible that overseas soldiers could send in multiple votes and have them counted!

Jeb Bush discounted these flaws as unmerited after he was seen at the security conference this was revealed taking notes.

Joking aside I have to wonder about the methods they use to hack into these ballot PCs. Most of the hacks I've seen required physical access to the PC and opening it up. If you removed all the ports for voting machines and secured the monitor connectors, you could simply put the PC in a box with a tamper proof seal and have a decent level of security. When the votes are counted, you have election inspectors observe the seal and do a quick checksum test to ensure the code hasn't been altered. Sounds secure enough for me and it would still be much quicker than paper ballots.

Re:A shocking discovery! (2, Insightful)

Ambiguous Puzuma (1134017) | more than 7 years ago | (#20022091)

And if the seal is tampered with, what then? It seems like an easy way to quickly invalidate a whole bunch of votes in districts that are likely to favor your opponent.

Re:A shocking discovery! (1)

abigsmurf (919188) | more than 7 years ago | (#20022153)

you ensure that it's not possible for the general public to break the seal (store the computer in a metal box) so that there's only a very narrow range of people who could possibly do the tampering meaning a conviction would be very easy and discourage tampering from taking place.

There's nothing to stop someone pouring a bottle of water in ballot boxes with paper ballots and invalidating a poll but this doesn't happen because it would result in a conviction

Re:A shocking discovery! (0)

Anonymous Coward | more than 7 years ago | (#20022293)

It's the people monitoring the election and systems I am worried about :P

mod down (-1, Troll)

Anonymous Coward | more than 7 years ago | (#20022135)

Presidential fund raising and voting machines (1)

dattaway (3088) | more than 7 years ago | (#20022141)

I was looking at Diebold's present and past leadership, donations, and the paybacks they got. It looks like the Skull and Bones membership roster at Yale where Bush went:

Louis V. Bockius III, Christopher M. Connor, Richard L. Crandall, Eric C. Evans, Gale S. Fitzgerald, Phillip B. Lassiter, John N. Lauer, William F. Massy, Walden W. O'Dell, Eric J. Roorda, W. R. Timken, Jr. and Henry D. G. Wallace

Perhaps these voting machines were simply portfolio builders for the wealthy elite.

What about recount? (1)

catxk (1086945) | more than 7 years ago | (#20022175)

What about recounting and/or validating e-votes and still maintaining absolute secrecy about who voted for who? In the shadow of security, this was the main question that I believe went unanswered when Estonia (or whatever it was) went through with this. Seems to me e-voting requires an impossible amount of trust in the system.

A Voting is NOT an ATM (1)

sciop101 (583286) | more than 7 years ago | (#20022319)

Voting & Voting Machines are meant to be anonymous. The voter selects the candidate, the machine accurately accumulates the vote. NO record of which voter voted for which candidate!

An ATM is NOT anonymous. A record is kept of each withdrawal/deposit/transfer/... by each user. The security cameras have been used to identify ATM users & bystanders.

Re: A Voting is NOT an ATM (1)

dana340 (914286) | more than 7 years ago | (#20022939)

It is true that a voting machine is not an ATM. Our voting should be just that, anonymous. In the computer world, figuring out who pushed what button is normally tied back into accountability. An example: Windows domains using a proper active directory and the right logging tools will tell us who's trying to screw around with documents. How can we be sure the results of the ATM.. i mean voting machine are accurate?

Earlier on in the string of posts, one comment suggested paper receipts with a number system. I didn't fully understand the explanation of the number system, but i think it's a good option. Imagine if it printed two receipts, one it hands to the voter, the other the voter can see printed through a glass window. It can provide a BACKUP in case the machine CRASHES and doest get the votes over to the tabulating back end, or if there's reason to believe that the machine was tampered with. A dedicated black hat I'm sure can still find a way to break into the system as a whole and change votes, but the printed ballot would be verified by the voter, and certifiably not tampered with by the voting administrators.

every system has a flaw, indeed even this one does, a team can can try to hack the system knowing they would go to paper backups, then pay off voting administrators to replace the paper ballots with loaded ones. Complicated to coordinate rigging the presidential election, but local elections CAN now be bought....

The presidential elections are still a big concern to me, We've seen how the voting machines themselves are vulnerable, but I haven't seen anything about security upstream when votes are tallied to coordinate the electoral college, This is the most likely target, and has not been past any public review that I have seen.

Secure the software in the hardware (1)

LamboAlpha (840950) | more than 7 years ago | (#20022721)

I know this a old technology, but why not store all the software and voting results in PROM (programmable read only memory). The chips could have their serial numbers inventoried before and after the election. The integrity of the software could be verified after the election. Once you have writing to a section of the chip it is not going to change (meaning don't use EPROM (solid case, not just a sticker) or EEPROM). Even if the chips are still not made, I am sure someone is willing to custom make a "few" chips for the US government / government contractor.

I know the software is fairly complicated (not sure how many MB), but you might also be able store only part of the software in the PROM. Use something like a ATM, with the button on the left and right sides. But only storing part of the software on PROM leaders you right back to the original problem (I am sure you could manipulate the results and no one would know, such as slightly moving the location of the names on the screen, so a different person is name is next to button at the side of the screen).

You could also use some procedure controls to prevent the above from happening. Have a person (Rep. and & Dem. Voting Official (Maybe a Ind. if need be)) go and record the tabulated results every few hours. Then at end of the day the procedure could have machine challenged (a varying number of times) with known known but a random voting pattern then compare the tabulated results with the expected results (which you can calculate from the previous results and the known challenge voting pattern). This could be done through out the day, but care would need be taking to not include the results in the election. If you let the machine know it is being challenged, then it can manipulate the results and you are not testing the proper part of the code. A stamp in the PROM results could work, since the remainder of the machine does not know exactly what the PROM section is doing (or at least that way I would make it).

Your votes dont count anyways so who cares (0)

Anonymous Coward | more than 7 years ago | (#20022775)

Your votes don't count anyways so who cares, thanks to the electoral system, it doesn't matter how people vote in Arizona or many other states. So, until every vote counts, just sit back and enjoy the show...

This is Bullshit (1)

jacknimble (657819) | more than 7 years ago | (#20022779)

Electronic voting machines will never be foolproof, nor will paper-based ballots. We should make reasonable and prudent efforts to protect BOTH methods from manipulation or accidental errors. I've never understood why the machines cannot be made to print out the voters selections in the booth for review before the voter presses the submit button. If the paper receipt matches his selections, only then will the voter submit his votes. Next, he deposits the paper result in a box to be used to verify the accuracy of the electronic results. The vote records are still anonymous. The methods and procedures to check the paper versus electronic result can vary from full-on record by record checking for verification before making an election official, to simple statistical sampling of small numbers of paper ballots to electronic vote results. These can also vary by geographical regions, with statistical methods applied to ward, county, state, or national elections to trap for inconsistancy. Worst case scenario is that results are not official in any shorter period of time than before, but this type of checking would only be necessary if there were problems. This combines both methods to actually IMPROVE the accuracy of voting because it uses 2 separate procedures to verify results. To assume that electronic voting somehow has to be hacker-proof is ridiculous. Hell, I could simply walk in and steal paper ballots from the precincts I voted in; the people designing the paper ballot can alter the layout to favor one candidate over the other; ballot counters can simply declare a paper ballot invalid - the list is practically endless. Having said all of this, the voting machine companies do need to produce good-quality and RELIABLE hardware and software that doesn't break and at least counts votes accurately. I cannot understand why that is so difficult. I was in the point of sale industry for years, and all of the same basic equipment was used, and it was not that hard to write software that would add correctly.

Priority straightening (1)

linuxwrangler (582055) | more than 7 years ago | (#20023033)

Somebody needs to take a cluestick to the heads of a whole bunch of county election officials. They are "concerned" about this report. Because it goes to the heart of the legitimacy of our election system??? NO! Last thing on their minds. They are worried that having to switch to a proven reliable and secure system would inconvenience them. The lot of them ought to be tossed out on their ears.

How would you do it? (1)

elFarto the 2nd (709099) | more than 7 years ago | (#20023055)

Ok Slashdot people, How would YOU implement electronic voting?

Regards
elFarto

Re:How would you do it? (2, Insightful)

sconeu (64226) | more than 7 years ago | (#20023361)

I wouldn't.

If I *had* to, I'd have the computer be the means of *printing* a ballot only. It wouldn't tabulate.

It would then print a ballot that was both human and machine readable (OCR font anyone?).

That ballot would be placed in a box, and counted.

Re:How would you do it? (1)

Mazin07 (999269) | more than 7 years ago | (#20023601)

I think we already have. I believe it's called "mod points" and that they're only given to those who deserve it.

Why even have electronic/computer voting? (5, Insightful)

Skapare (16644) | more than 7 years ago | (#20023113)

Paper ballots do have their problems. People don't always mark them consistently. Sometimes they mark one candidate then try to rub it out and mark another. The paper ballot was hard to read by electronic means and manual counting was too time consuming to get the quick results most people wanted.

Punch cards that people have to do the punching on don't always get punched right (remember the hanging chad problem). Sometimes people start to punch one hole, and realize they are in the wrong hole or change their mind real fast and try to punch another instead. Sometimes 2 or more holes are punched. Sometimes holes are punched partially. In most cases people could check, but they don't, or don't really know they should.

Computer voting was intended to eliminate these things. But that's its fundamental misguidance. Instead, it should be used to enhance them and correct the issues.

Voting station computers should do nothing more than assist a voter in creating a reliably readable paper ballot. The voting station should not be networked, and not even have any storage space. It would be an embedded machine booted from flash that is hardware wired to be unwritable, or booted from a CDROM or equivalent. It should boot very fast (embedded developers know how to do this and bring a minimal system and application up in a second). It should be rebooted between each voter.

The voting station would have a simple single sheet printer and an LCD flat screen with touch sensors. The voter would "touch" their votes and always have the ability to go back, or even jump around randomly to various offices/issues to vote on. Once done, the voter can press the "I am finally done" button to print the choices on paper.

What is printed on the paper is a combination of scannable text and bar codes with strong checksums (SHA1). The text shall be human readable (although in big elections some people might need optical reading assistance). Visually impaired people can ask for a poll worker to read back their ballot to them.

The next step is the paper ballot is taking to the reading station. The ballot is read in by another computer with a scanner. This computer scans the text and reduces it to a set of simple vote codes. These vote codes are checksummed and that is compared against the bar codes. If there is a mismatch, probably a scanner error took place, or the ballot was damaged or smudged. It flashes and beeps a warning the the ballot is not readable. This may require the voter to re-do another ballot (this one is marked as bad and the voter is given another sheet and front-of-line access to a voting station).

The scanner keeps tallies and may send results to a central office. Larger voting places may have more than one scanner and tallies will be done by a central computer. The paper ballot is then inserted UNFOLDED into a locked box.

The voter gets a receipt for having voted, but does NOT get a copy of what votes they made. If they want to remember their own votes, they must make their own notes themselves. The reason for this is that no voter should have any official statement of who they voted for to ensure no voter can "prove" to someone else who they voted for. This has been a long time standard to impede vote buying/selling, and should not change.

The computers that tally the votes could give nearly instant 100% results shortly after polls close. But that's not the end of it. Those results are not certified. The voting officials will, in the next few days, monitor the process if re-scanning all the paper ballots to ensure the results are consistent. If they are satisfied of this, then they certify the election results. If there are any issues, then the paper ballots can be manually checked.

This process is still paper based, and still just as auditable and recountable as any paper based system. It gains the avantages of consistency in the marking of ballots. Instead of being hand marked, they are "computer marked" (in a way that humans can read, too) and then immediately (before leaving the polling place) verified as being well marked. This eliminates the issues of unrealiable human marking (or punching), while gaining the advantage of quick totals when the election is over (potentially allowing polling places to stay open another couple hours).

One big advantage of this system is that the computers voters touch are not networked, don't have the physical means to store software infiltrations, nor do they have stored totals that can be manipulated. These can thus be simpler machines that don't have to have extensive physical durability to prevent access. They are nothing more than a tool to produce a better paper ballot with checksums that help the scanner computer verify the scanning was done correctly.

How come they never test hacking the old system? (1)

ZoneGray (168419) | more than 7 years ago | (#20023209)

Not to stick up for machine voting, or the older alternatives. But I've never seen anybody run a test against the established voting systems, and the supporting systems by which humans handle the votes. The voter registration system is so open to manipulation that it's basically meaningless.

I hate to go out on a limb here, but my guess is that the entire election system is incredibly insecure, and that there has been vote fraud going on for decades. New voting machines won't make it any better or any worse. Machines don't manipulate elections, people do.

Security (1)

Nozsd (1080965) | more than 7 years ago | (#20023429)

As a new computer science student, the security problems of the voting machines has always baffled me. Is it really that hard to secure a machine that simply adds 1 to the item I tell the machine to add 1 to? It is reasonable to assume that the easier the function, the easier it is to make that function secure. So why is it so difficult?

no malicious code was found (0)

Anonymous Coward | more than 7 years ago | (#20023483)

No malicious code was found in any of the machines...
guys have a look at this:
http://graphics.stanford.edu/~danielrh/vote/vote.h tml [stanford.edu] , yes it is the 'obfuscated v contest'
it was a contest designed to show that it is possible to write programs that look perfectly innocent in a code analyses but that do have a covert (malicious) function - in this case the programs had to count votes and do it correctly under normal circumstances but produce scewed results on the day of the election.
Have a look at the winning entry: can you spot it? http://graphics.stanford.edu/~danielrh/vote/pparka nzky.c [stanford.edu] no? thats what i thought!

Unintended consequences (1)

John Jorsett (171560) | more than 7 years ago | (#20023839)

Interesting what you get when you attempt to make a system foolproof. All this came about because one state didn't have effective rules on what amounted to a 'vote' in a close election, and because somebody couldn't figure out how to lay out a ballot so a bunch of retirees wouldn't end up voting for the wrong candidate. Now in the quest for perfection, we're getting a system that's even more vulnerable to manipulation and failure. I said at the time that we should just go back to the "blacken a dot" type ballots, but noooo .... Our CA state and local officials were sold a bill of goods by Diebold, saying how impenetrable their security was, how swell it would be when you could just upload all the electronic results and have a near-instant tally, blah blah blah. Then the first election we had here in my city, it turns out the voting machines had been sitting in people's garages for so long they lost their programming and computer-savvy voters who happened in were assisting in rebooting them and restoring their programming. Debacle doesn't even begin to describe this whole mess.

electronic + paper (1)

aegl (1041528) | more than 7 years ago | (#20024255)

The machines in use at the last election here (San Jose, CA) had a printer with a roll of paper under a glass screen. At the end of the touch screen voting phase the machine printed my selections, and had me confirm them, before it scrolled my selections away.

For this machine, it doesn't matter if someone can hack the machine ... the best they can achieve is a denial of service attack by spoiling the election. If the electronically tabulated result doesn't match what is on the roll of paper (combined with the tally of how many people voted that is kept by the humans who handle the sign-in process).

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?