Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Diebold Voting Machines Vulnerable to Virus Attack

Zonk posted more than 6 years ago | from the maybe-they-should-install-macafee dept.

United States 122

mcgrew writes "PC world is reporting that Diebold's super-popular voting machines are coming under even more scrutiny. A security review has revealed that they are simply 'not secure enough to guarantee a trustworthy election.' This is according to a report from the University of California Berkley, who did a two-month top-to-bottom review of all California e-voting systems. That's a subject we've discussed before, but Diebold's setup is truly unsettling. An attacker with access to a single machine could disrupt or change the outcome of an entire election using viruses. From the article: 'The report warned that a paper trail of votes cast is not sufficient to guarantee the integrity of an election using the machines. "Malicious code might be able to subtly influence close elections, and it could disrupt elections by causing widespread equipment failure on election day," it said. The source-code review went on to warn that commercial antivirus scanners do not offer adequate protection for the voting machines. "They are not designed to detect virally propagating malicious code that targets voting equipment and voting software," it said.' Oddly, my state of Illinois, long known for election fraud, has paper trails (at least in my county) and according to Black Box Voting doesn't use Diebold anywhere."

cancel ×

122 comments

waht we've all been wondering... (2, Insightful)

SolusSD (680489) | more than 6 years ago | (#20115553)

HOW F*CKING HARD is it to make a secure voting machine?!? The thing counts and keeps track of votes! I bet i could write a secure voting machine that could handle state and federal elections securely in a couple of days in any language from assembly to bash!

Re:waht we've all been wondering... (0)

Anonymous Coward | more than 6 years ago | (#20115611)

well with the typo in your subject line, i'm gonna go with someone else to write a voting machine.

and i could write it in brainf*ck so ptphtphtpt

Re:waht we've all been wondering... (1)

SolusSD (680489) | more than 6 years ago | (#20115665)

i'll use a functional programming language and write proofs for my functions. ... and use spell check.

Re:waht we've all been wondering... (2, Funny)

Klickoris (1104419) | more than 6 years ago | (#20116015)

Might want to use a grammar check as well.

Re:waht we've all been wondering... (3, Insightful)

A beautiful mind (821714) | more than 6 years ago | (#20115733)

HOW F*CKING HARD is it to make a secure voting machine?
Impossible. Simply because the definition of _secure_ in a democratic voting context means that the electorate is able to verify the process of voting. Since voters at large aren't generally known to possess a computer science and electrical/computer engineering degree, access to the voting machines and the source code for them is not available and also no cryptography is in place so that the voters can verify that the machine they assessed is the same one that was in place during an election, then I have to conclude that building a voting machine that is verifiable by the owners of the machines ("The People") is not possible, thus those machines are not TRUSTWORTHY by definition.

Re:waht we've all been wondering... (1)

ozmanjusri (601766) | more than 6 years ago | (#20118181)

I have to conclude that building a voting machine that is verifiable by the owners of the machines ("The People") is not possible, thus those machines are not TRUSTWORTHY by definition.

How would you respond to this article then?

The star of the international e-voting scene is arguably Australia, which is e-voting on machines that are based on Linux, using specs set by independent election officials that were posted on the Internet for one and all to vet -- an open-source approach for which U.S. activists clamor.

"From what I have read, the U.S. systems are primitive compared [with those of] Australia," said Tom Worthington, a visiting fellow at the department of computer science at Australian National University, in Canberra, Australia, and an expert on e-voting technology, in an e-mail exchange with eWEEK.

http://www.eweek.com/article2/0,1895,2164264,00.as p [eweek.com]

Re:waht we've all been wondering... (3, Informative)

jmp (84073) | more than 6 years ago | (#20118755)

I'd respond by pointing out that we don't yet have electronic voting in Australia. We use pencil and paper, and the results of an election are normally available several hours after the close of voting.

At this year's federal election there will be a trial of e-voting for vision-impaired voters and overseas defence force personnel - for and overview see the Australian Electoral Commission [aec.gov.au] site.

Re:waht we've all been wondering... (5, Informative)

TheRealMindChild (743925) | more than 6 years ago | (#20115751)

As someone who had been contracted by Diebold, the machines are running Windows, the software is written in Visual Basic, and the database is Access. And no, this isn't a troll.

Re:waht we've all been wondering... (5, Funny)

SolusSD (680489) | more than 6 years ago | (#20115763)

As someone who had been contracted by Diebold, the machines are running Windows, the software is written in Visual Basic, and the database is Access. And no, this isn't a troll.

god help the future of democracy.

Correction (2, Insightful)

AnyThingButWindows (939158) | more than 6 years ago | (#20117585)

god help the future of democracy.

I had to correct this because "Democracy is defined as 51 percent of the populous telling the other 49 percent what to do." - Thomas Jefferson

That is why we have a REPUBLIC.
It should read "god help the future of our republic."

It was once stated that "Democracy is two wolves and a lamb voting on what is for dinner. Liberty is a well armed lamb contesting the vote." - Benjamin Franklin

List of Diebold Vulnerabilities (2, Funny)

ukemike (956477) | more than 6 years ago | (#20118597)

The follow is a list of attacks or hacks which the Diebold machines are known to be vulerable to:

Sneezing in their vicinity,
Looking at them cross eyed,
Armpit farts,
Dancing counterclockwise around them,
Voting,
Sarcastic comments,
Pixie dust,
My mother-in-law's meatloaf, and
Bad Bob Dylan cover songs.

Seriously, several years ago three or four different versions of the GEMS software (that's the name of the Diebold voting software) were available for download in a few places on the internet. Accessing the voting database was a simple as creating a new database and copying the password you created over to the voting database. The security log didn't have sequentially numbered entries so deleting your tracks was as simple as opening the log and deleting the pertinent lines. With ZERO experience with Access, and a single page of written instructions I was able to break in, alter voting data (on my PC not a real election PC!), and cover my tracks within just a few hours of installing the software. These machines are set to autorun anything that is inserted in the PC card slot!!! PC cards are what are used to carry vote data from the precincts to the central tabulator so dozens of cards are typically inserted in the central tabulator on election night. Fixing an election is as simple as writing a script on a PC card and inserting it in the PC card of the central tabulator. It's not far fetched either. Unidentified people have been seen fiddling with the central tabulators in several counties in elections when there were surprising results. My conclusion was not that these machines were badly designed, but that they were well designed for the purpose of enabling election fixing.

Re:waht we've all been wondering... (1)

NeverVotedBush (1041088) | more than 6 years ago | (#20115969)

Perfect. They decide to code something that people have always tried to hack (voting) with the most insecure operating system on the planet.

And people wonder how in the last election the exit polls somehow didn't agree with the final vote counts.

It's not a democracy when the people don't actually get a say in the outcome of an election.

Re:waht we've all been wondering... (0)

Anonymous Coward | more than 6 years ago | (#20116117)

"...the machines are running Windows, the software is written in Visual Basic, and the database is Access."

From the source code review index:

5.3.6 GEMS fails to filter some user input before using it in SQL statements

SQL in Access? I'm don't know much (anything) about Access but I thought Access didn't use SQL. Maybe as a front end to a SQL database though.

Re:waht we've all been wondering... (2, Interesting)

ImaLamer (260199) | more than 6 years ago | (#20116251)

Access does use SQL, but it's interpreted in part by the Windows software component: Microsoft Jet.

Programming Visual Basic over Access is first year Windows programming. I took this class, and I just wanted a networking education - worked out however since my current employer is married to SQL Server with Access front-ends for its OLTP (and their costly proprietary vendor is married to this idea too; $400 to edit some Visual Basic code, 10 lines max). Not very open, but we are managing to hack it daily. I'm sure this isn't allowed, per the license, but I'm already off on a tangent.

Point is, I hate working there.

Re:waht we've all been wondering... (2, Informative)

gomezfreak (1128013) | more than 6 years ago | (#20116223)

I can vouch for that as someone else who works for a company contracted by Diebold. All of their machines (voting and other types) run Windows CE. And no, that is not a good thing.

Holey shiiiittt! (1)

crovira (10242) | more than 6 years ago | (#20116491)

God damn it, I was hoping to sell my vote for a couple of bucks but now, I realize that some script kiddy is going to screw me out of even that little compensation.

Why bother even going.

So they tally way more votes that voters... Hwo gives a fuck?

It would take a revolution to make a noise in the media and you know Fox news would never run the story unless we were offering to give them video of Britney's bald head going down on the choef electoral officer.

Re:Holey shiiiittt! (1)

Sergeant Pepper (1098225) | more than 6 years ago | (#20118811)

Only if the Chief Electoral Officer was a Democrat.

Re:waht we've all been wondering... (1)

Z00L00K (682162) | more than 6 years ago | (#20119209)

Troll mode on:

Which means that it's just a prototype - not the real deal. VB & Access is only good for prototyping...

Troll mode off:

And anyway - if Diebold is running insecure voting machines - what about their ATM:s? Why not launch an awareness program that checks them too and let people decide if they are willing to take the risk of using their machines?

Re:waht we've all been wondering... (1)

jjacksonRIAB (1050352) | more than 6 years ago | (#20119239)

As someone who applied for Election Systems Software, VB + Access + Windows trumps PASCAL :-D

Re:waht we've all been wondering... (1)

MillionthMonkey (240664) | more than 6 years ago | (#20115789)

HOW F*CKING HARD is it to make a secure voting machine?!?

If one makes the foolish initial decision to use an inherently untrustable device like a computer in the first place, then it comes down to one's choice of an operating system. Diebold chose Windows CE. [zazzle.com]

Re:waht we've all been wondering... (1)

PhrankW (1077411) | more than 6 years ago | (#20115857)

During the last millenium, Stalin said: "It's not who casts the votes thatmatters, it's who counts the votes." Now, it's not who programs the voting machines. Ah,progress. Phrank

Re:waht we've all been wondering... (1)

realdodgeman (1113225) | more than 6 years ago | (#20116339)

During the last millenium, Stalin said: "It's not who casts the votes thatmatters, it's who counts the votes." Now, it's not who programs the voting machines. Ah,progress.
Yep. Now we are one step closer to the voters. A couple of decades more, and we might have democracy...

Re:waht we've all been wondering... (1)

PhrankW (1077411) | more than 6 years ago | (#20117621)

From your lips to the Prime Programer's ears.

Re:waht we've all been wondering... (3, Insightful)

prxp (1023979) | more than 6 years ago | (#20115859)

I understand your frustration, but in the world of electronic voting, everything that can be tampered with and go undetected is considered insecure. That's basically every computer system I've seen so far. Also, don't forget DoS like attacks, because not being able to vote is also a threat to democracy. In fact, we can keep adding threats and more threats. I really don't think you could simply spare two days and use bash or any language to solve the problem. But I do agree with something that is implicit in your comment. People love to spread FUD about electronic voting. Even though I agree it is a real danger, people are much more concerned about getting everybody afraid of the technology than actually proposing a viable path. It is so easy to show something doesn't work. Meanwhile, we are stuck with paper trail as the only secure (?) option.

MisUnderestimate (4, Insightful)

bussdriver (620565) | more than 6 years ago | (#20116205)

A corp that makes secure ATM machines designs and builds machines using ZERO of their ATM experience or technology which is on par with a high school student project (I saw the leaked software many years ago; that was totally under reported.)

This is not the typical play stupid situation that sells so well in the USA. This is clear-cut intentional negligence and I shouldn't need to go into the many possible motives for anybody to pull such scams. This isn't even that other large voting machine company who elected their own OWNER!

The difficulty is NOT making a computer COUNT or securing the totals, they distract you with the irrelevant technical details. Its in WHO YOU TRUST to implement, maintain, and secure the system that is the unsolvable difficulty (I for one, will welcome our evolved computer overlords when they take over...)

The ultimate purpose for Rube Goldberg designs is POWER (job security and customer lock in being most common motives.) When you place the power in the hands of a few you always run into trouble. IRONICALLY, the purpose for democratic voting is totally being forgotten in this pseudo debate about how the publicly inaccessible voting system operates!

Canada figured it out; however, I'd like to see a weighted voting system well implemented. Also, I would like to see a new kind of elector system so my friends can just give me their votes; its hard enough to get them to the polls on a WORK DAY... (yes, the pro-"democracy" USA never respected democracy enough to make election day on par with memorial day. Irony has become redundant.) While I'm at it, I'd like senators to go back to state appointment because the intent was to prevent an all powerful federal government.

Re:MisUnderestimate (2, Interesting)

gomezfreak (1128013) | more than 6 years ago | (#20116249)

See my post higher up the thread. Their ATM's aren't as secure as you think either.

Re:waht we've all been wondering... (2, Insightful)

Jeremi (14640) | more than 6 years ago | (#20116551)

HOW F*CKING HARD is it to make a secure voting machine?!?


Pretty f*cking hard, I expect. The problem is roughly equivalent to making a secure DRM system, which everyone on Slashdot claims is near-impossible. In both cases, you need to give someone physical access to the machine and its contents, and yet somehow prevent them from secretly modifying the machine's behavior to suit their liking.

It is not about making it secure (0, Troll)

WindBourne (631190) | more than 6 years ago | (#20116657)

It is about having another revenue stream. After all, how much would either major party be willing to pay to win a governorship or a presidency? They have already shown that spending 10's of millions on a state election is nothing. Now, they can spend it and be guaranteed of having a 10-20% boost in the outcome. In a normal year, that is enough to win the election. For last year and next, it will not.

Re:waht we've all been wondering... (3, Funny)

jhylkema (545853) | more than 6 years ago | (#20117137)

I bet i could write a secure voting machine that could handle state and federal elections securely in a couple of days in any language from assembly to bash!

Bonus points if you can write it in INTERCAL [catb.org] .

Re:waht we've all been wondering... (1)

Sergeant Pepper (1098225) | more than 6 years ago | (#20118841)

He clearly stated from assembly to bash. I is not between A and B in the alphabet!

(Sorry, too many Centrum commercials)

Re:waht we've all been wondering... (1)

ArcherB (796902) | more than 6 years ago | (#20117565)

HOW F*CKING HARD is it to make a secure voting machine?!? The thing counts and keeps track of votes! I bet i could write a secure voting machine that could handle state and federal elections securely in a couple of days in any language from assembly to bash!

How hard is it to make a secure voting machine? Exactly as hard as it is to make a secure OS and application, along with support files, data and libraries, that will be installed on a machine where it will be located in a public location where anyone can get private, direct access to it. How hard do you THINK it is?

If Microsoft, with billions on top of billions spent on security can not make a machine virus free, what makes you think Diebold can?

But, since we are talking about viruses here, it should be pretty easy to protect these machines from viruses. First, don't connect them to the Internet. Next, don't give voters access to a keyboard, mouse or drive bays. Now, with no keyboard, mouse, network or drive access, how would YOU infect one of these machines with a virus? The Force?

Re:what we've all been wondering... (3, Insightful)

solitas (916005) | more than 6 years ago | (#20117637)

HOW F*CKING HARD is it to make a secure voting machine?!? The thing counts and keeps track of votes!

I cannot see WHY they feel they have to network them to accumulate the results. Best way to propagate a virus: wire them all together (or, worse, through the internet - however "secure" the connection).

I still can't see anything wrong with using the machines to accumulate the votes and then polling each machine, by hand, to copy the tallies - having enough witnesses from all parties will keep the results accurate and they can still be communicated to the appropriate location as they've always been.

I thought the main purpose of new machines over the older mechanical ones was the reduction of complexity of the machines (hence increasing their reliability), accessibility by the handicapped, and ease of recounting (just run the forms through another scanner and see if they total identically) - at least that's the line parroted by our idiot secretary of state (bysiewicz, Connecticut).

It's obvious that machines wired to each other can be more completely tampered-with than individual machines, SO WHY DO IT?

Re:waht we've all been wondering... (3, Insightful)

letxa2000 (215841) | more than 6 years ago | (#20117655)

HOW F*CKING HARD is it to make a secure voting machine?!?

Not very hard. But such a system would not be based on Windows or any normal version of Linux, or any other such operating system. The underlying code should be programmed as firmware which means it is stored in EEPROM or flash memory that cannot be changed by the machine itself. It should be electrically/hardware impossible for the code being run to be changed by the platform running it.

A microcontroller (take your pick... 8052, ARM, even lowly PICs) is the ideal platform for a voting system. The small architecture makes it easy to develop an entire system without an underlying operating system so that all the code being run can be reviewed easily. The platform could be such that the code cannot be changed by the hardware running it (some microcontrollers include in-application programmability, but such parts would be specifically excluded as options). And even an 8-bit microcontroller with 64k of program memory is more than enough to implement a functional and secure modern voting system with touch-screen GUI.

The use of complex OS-based system, whether Linux or Windows, is going to make any system vulnerable to unexpected problems, intentional hacking, and intentional or careless problems due to viruses. A voting system should be like a microwave or a refrigerator: It just goes and is essentially impossible to hack. That does not exclude modern electronic voting systems, but it does exclude such systems based on Linux/Windows in virtually all cases.

Re:waht we've all been wondering... (1)

iminplaya (723125) | more than 6 years ago | (#20117979)

One of the most secure voting "machines"(as opposed to machine voting) I've ever seen is made out of cardboard and filled with nothing but air and some paper and the most common virus in its operating system is the Rhinovirus. This thing about having to computerize everything is an unhealthy obsession. Why does everybody think that a crescent wrench makes a good hammer? Hell, these people don't even know which end of the screwdriver to hit.

how hard is it to secure your laptop from yourself (1)

Black Box Voting (1127257) | more than 6 years ago | (#20118663)

pretty f*ing hard.

The real risk is insiders: the programmers, the maintenance people, the random IT person, the technicians.

Bev Harris - founder, Black Box Voting

Is it just me (1)

shish (588640) | more than 6 years ago | (#20115573)

Or is this basically the same story as the one cmdrtaco posted a couple of hours ago (and is still on the front page)?

Re:Is it just me (2, Interesting)

Torodung (31985) | more than 6 years ago | (#20115661)

No. It's not just you. It's not actually a dupe, but it's a new angle on the same article. Part of the problem of continually producing articles as the news develops, is having to produce dupe articles to add new important details to a previous article.

I would assume that these viral vulnerabilities are the contents of...

Additional reports [which] will be made available as the Secretary of State determines that they do not inadvertently disclose security-sensitive information.
...as mentioned in the previous article about California auditing the machines.

--
Toro

Re:Is it just me (1)

Bearhouse (1034238) | more than 6 years ago | (#20115749)

"Part of the problem of continually producing articles as the news develops.."

Yup, especially when the eds (hello Zonk...) don't read (see /. ad nauseam) their own site. //end rant

Of course you're right that, as news comes in, new information germane to the discussion should be added - but why not put in the 'original' /. article? Or at least link to it?

Re:Is it just me (1)

sholden (12227) | more than 6 years ago | (#20117449)

There's this amazing new technology called "the internet" on which you can put "web pages". They are a little bit like pages in a newspaper, except you can edit them at any time. So when the story develops you can add an update to the existing article instead of having to produce a whole new one.

Re:Is it just me (3, Insightful)

Torodung (31985) | more than 6 years ago | (#20117635)

This is true.

However, I think self-redacting/auto-revising article text is a bad idea. Have you ever lurked on (for example) the Associated Press feed and watch an article headline slowly morph from "Bush puts off decision" to "Bush faces tough decision" and finally end up as "Bush makes decision" while the text, in which he clearly puts off the decision, stays static? I have. Or worse yet, both the headline and the body texts change according to an agenda.

There is pressure being brought on news agencies to make those changes, which are becoming commonplace. This is the danger of Internet publication in the information age. It becomes unreliable. It's too easy to change it.

So I prefer a news feed to retain previous revisions so I can get a good idea of the reliability of the news source. If there's an update, I expect it to be published as a separate note, not superseding the article text in place. I expect the act of publication to have permanent consequences, not be an act that you can wash away with something more responsible at a later date.

My expectation, of course, is not realistic. It is borne of growing up with a print media. The only logical expectation is that Internet publication will be abused, and that "print media" is now less reliable, because it is no longer in print. I only ask that you understand the consequences of your demand that Slashdot "clean up" their articles. Your desire for "clean" can rapidly turn into an engine for censorship and yellow journalism.

I can assure you of one thing: that CowboyNeal's article will fall off the bottom of the page soon enough, and you can then feel at ease.

--
Toro

Even worse (5, Informative)

Alex Zepeda (10955) | more than 6 years ago | (#20115627)

The even scarier part is that the Diebold machines have not been decertified [sfgate.com] .

it gets worse (1)

dotpavan (829804) | more than 6 years ago | (#20115791)

Awesome! (1)

MillionthMonkey (240664) | more than 6 years ago | (#20116161)

Which are they using, WPA or WEP?

Re:Awesome! (0)

Anonymous Coward | more than 6 years ago | (#20116213)

Neither.

Electronic voting is just part of the problem (0)

Anonymous Coward | more than 6 years ago | (#20115657)

Frauds in the election system in America are easy. People can vote over mail, people vote in volunteer's garages, foreigners (like me) get voter's registration cards in the mail and requests from the parties to sign up and vote.

If I ever wanted to commit fraud in the election system, I would have. And that would not need to involve hacking a machine.

Until voting is centralized, managed entirely by the government, with better security mechanisms in place, it's very easy for anyone to commit fraud. People just have not thought about it yet.

Re:Electronic voting is just part of the problem (2, Insightful)

kevinatilusa (620125) | more than 6 years ago | (#20115825)

"If I ever wanted to commit fraud in the election system, I would have. And that would not need to involve hacking a machine"

The catch is, the fraud that you would be committing (registering as a non-citizen) would only affect the election by at most 1 vote, and that single vote is quite unlikely to change the election.

The danger in using insecure voting machines is that a single fraudster can swing an election by many votes, making it much more likely that their intervention affected the final outcome.

Re:Electronic voting is just part of the problem (1)

mi (197448) | more than 6 years ago | (#20116123)

The danger in using insecure voting machines is that a single fraudster can swing an election by many votes, making it much more likely that their intervention affected the final outcome.

And yet this is just want the GP-post wants — a centralized system, where a single breach could affect not a couple of thousands, but millions of votes in one deal.

Maybe, that's why he is posting as an AC...

Re:Electronic voting is just part of the problem (1)

dbIII (701233) | more than 6 years ago | (#20118019)

I think in India they had the right idea. Each very simple and fairly cheap machine could only take a relatively small number of votes before it was "full". This is a defence against people stealing the machines, ballot stuffing and returning the machines. One hacker would either have to get physical access to a lot of machines that are not networked or infiltrate where the votes are tallied by volunteers from different political parties that do not trust each other and watch each other like hawks. That would make effective vote rigging a major criminal operation with a lot of participants and a lot easier to identify.

Re:Electronic voting is just part of the problem (1)

MillionthMonkey (240664) | more than 6 years ago | (#20116217)

Until voting is centralized, managed entirely by the government, with better security mechanisms in place, it's very easy for anyone to commit fraud. People just have not thought about it yet.

No, I thought of it when I stole an election last year. I only do a Diebold job if the client promises to quash any investigation into election fraud in the district once he gets elected. Anyone who can't figure out that much won't get far in the vote stealing business. Stealing elections is tricky- you can't just rely on encryption and technical methods for stealth- you have to cover your tracks politically too, so that nobody ever suspects anything is wrong. I mean it's easy but it does require a little tradesmanship. It's a good thing, too, since the work is seasonal at best.

Goodness (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20115689)

And I'm sure it'll all come out as just an evil Republican conspiracy yet again, no one could possibly choose not to vote Democrat, could they? ........snicker......

I wonder if UC Berkley would recommend *BSD? (2, Insightful)

RanCossack (1138431) | more than 6 years ago | (#20115711)

I personally think the University in question should recommend a virus-free system, designed and tested to be very secure... that they wrote.

(Any number of non-windows OSes would fit, but the *BSD family just fits so well here.)

Note: it spells Berkeley (1)

thib_gc (730259) | more than 6 years ago | (#20116579)

I just wanted to point out that it spells Berkeley [berkeley.edu] . Honest mistake, since it's wrong in the original post.

Re:Note: it spells Berkeley (1)

RanCossack (1138431) | more than 6 years ago | (#20116633)

.... oops, thanks. Yeah, I copy and pasted it from the article... ehehe... obvious I didn't go there, eh?

Easy solution (0)

Anonymous Coward | more than 6 years ago | (#20115725)

Alcohol wipes.

Edison was still wrong (2, Insightful)

CriminalNerd (882826) | more than 6 years ago | (#20115727)

I would like to repeat myself by saying that voting machines should have never been permitted to be used in elections. Edison got his rejected, so why allow Diebold?

If you ask me, it's just pointless. Why can't the state government(s) just get rid of the machines and reinstate the good ol' paper votes like they used to? Do they REALLY want to keep on using Diebold machines and/or voting machines in general?

Re:Edison was still wrong (2, Funny)

MillionthMonkey (240664) | more than 6 years ago | (#20115885)

Well Edison was so late 19th-early 20th century. We have to "update elections for the computer age" and "build a bridge to the 21st century". Apparently this means loading elections onto a bus and driving them over just as our new bridge collapses.

Re:Edison was still wrong (1)

corsec67 (627446) | more than 6 years ago | (#20117823)

So only Minnesota can have the modern voting machines?

Flogging a dead horse (1)

MadnessASAP (1052274) | more than 6 years ago | (#20115761)

Alright we get it the Diebold voting machines are as we predicted, CRAP! now can we please just agree that anybody who even thinks of using these things should be fired and move on, these stories are getting kinds old.

idea for an absolutely secure voting machine. (5, Interesting)

3-State Bit (225583) | more than 6 years ago | (#20115871)

Here is my idea for an absolutely secure voting machine. Each person who goes into vote gets a token. Made of radioactive material. This material is heavily controlled, and outside the voting machine you have SWAT teams with geiger counters, and obviously anyone wearing a foot of lead is busted.

Voting consists of dropping the Uranium into one of several lead boxes which contain giant magnets to keep someone from trying to alter votes by moving tokens from one box to another. At the end of the day, you read the results digitally with a geiger counter. Every party can be there with representatives, disagreements can be sorted out on the spot with a manual count in front of a multiparty committee. 100% foolproof.

Basically, I got the idea from Bruce Schnier, who observed that it's not such a bad idea for people to keep their passwords written down on a piece of paper in their wallet. After all, people already know how to keep their wallets secure.

The US Military already knows how to keep weapons-grade plutonium secure. Basically, my idea is to just piggy-back on that, to keep voting secure.

A lot of people like to stick with old, low-tech stuff, don't have the will to try anything new. "What about the radiation poisoning" they would no doubt whine. Well I say progress consists in throwing out what's old and "safe" and being bold. [diebold.com]

Here's mine (2, Interesting)

DaleGlass (1068434) | more than 6 years ago | (#20116257)

Main machine consists of a screen, CPU and printer. It only prints ballots, and doesn't count anything. Ballots are printed in a human and computer readable format, in an easy to OCR font. No barcodes or anything hidden. Perhaps in different ink colors to make manual sorting easier.

Machine prints ballot and shows it to the voter. Voter approves or discards it.

Ballot is fed into an optical scanner, which scans it. Scanner is implemented as absolutely simply as possible, by for example measuring levels of reflected light. No software.

Both the machine printing the vote and the scanner transmit their results to a comparator. This would be implemented in very simple electronics -- resistors, capacitors, and standard chips implementing logical functions. No custom components, or anything capable of running any sort of software. Comparator compares what the terminal said it printed, and what the scanner said it scanned. The result makes a simple mechanical component move (with a magnet for instance) so that the ballot is either stored or discarded. Comparator also increments a tamper-evident, mechanical counter.

Counter is built in such a way that each increment produces an audible sound, so that increments at the wrong time can be noticed.

Mechanism contains safeguards to verify that moving components actually moved to the intended position.

Interactions and interfaces between components are standarized. Each component is fabricated by a different manufacturer. Manufacturers are not notified who is working on the other parts. For best security, multiple manufacturers are asked to implement a solution, then the ones that passs the test are chosen at random.

Re:Here's mine (0)

Anonymous Coward | more than 6 years ago | (#20116395)

Here's mine:

People are given a pen and a piece of paper with a list of candidates. They mark which candidate they want. They then put it into a locked box, which is in sight of a public place, like a park. When everybody has cast their vote, everybody who wants to sits along a long desk. The box is unlocked, and each piece of paper is passed along the desk. Each person sitting at the desk calls out who the vote is for. Anybody who wants to can attend, tally and report the vote count. The count made by officials will be confidential.

The principle behind this is that anybody interested in a secure election can take part - watch the box, observe the voting slips, count the votes - and this can be done in parallel by as many interested parties as there are. And if nobody cares about a secure election enough to turn up, at the very least, members from the press will, because they need to know the vote count, and the officials won't tell them.

Re:Here's mine (1)

mazarin5 (309432) | more than 6 years ago | (#20117713)

I don't think it's a bad idea; in fact this is what my district in Ohio does already. A terminal is set up - it takes your choices and prints out a sheet for you to review, a receipt for you to review, which is kept in the machine, and it stores the vote electronically. You put your sheet into an optical scanner. If the numbers don't match up between the two machines, the optical scanner wins.

As Stalin might say (1)

MillionthMonkey (240664) | more than 6 years ago | (#20116275)

Those who cast the votes decide nothing; those who choose the isotopes decide everything.

Also how will you stop someone from slipping in a beryllium ballot? It won't trip the Geiger counters on the way in and in the presence of alpha radiation it fissions releasing a neutron which could disenfranchise other voters.

And the mushroom cloud goes (1)

crovira (10242) | more than 6 years ago | (#20116437)

up fine.

Where are you planning to have a CRITICAL MASS of voters?

I think I would give your voting booth a wide berth.

I can just imagine the reporters covering the explosion. (Well some of them will be doing it from afar and claiming a victory for Al Queda.)

The military to safe democracy?? (1)

nephridium (928664) | more than 6 years ago | (#20117349)

Modded +5? Having to handle radioactive material (even the slightest amount) is a huge turn-off for people (those who believe any amount can kill you, but also those won't risk an additional 0.00001% chance of getting cancer every time they vote) - if anything we want more people to vote, not less. And then of course you place all the credibility on the military in the hopes it will guard all the radioactive material it has (as well as guard against any black import of the material), not withstanding that people in the military itself (with the right arguments) can get corrupted just as easily as anyone else.

P.S. Someone who holds their credit card number PIN or other password in their wallet is not very clever. Anyone who is able to extract it from the victim e.g. at gunpoint will be able to use it. Might even increase the chance of getting robbed if the victim can be seen peeking for the password. A better way is to store the wrong PIN in your wallet (or better the bank card itself), a PIN that can be read upside down as well. The thief will try it out, flip it over, try it out again and then try to punch it in a third time assuming he made a mistake the first two times - voila: card gets blocked and the thief is out in the dark.

Re:idea for an absolutely secure voting machine. (1)

jhol13 (1087781) | more than 6 years ago | (#20117517)

That would give new meaning to "critical mass" :-)

Re:idea for an absolutely secure voting machine. (1)

flyingfsck (986395) | more than 6 years ago | (#20117965)

Actually a metal vote token is not a bad idea, since to tally the vote, all you need to do is weigh the box, but I guess that is way too simple and will never fly, since how the hell is one then going to game the system?

Deeply concerned (0, Flamebait)

ThatsNotPudding (1045640) | more than 6 years ago | (#20115901)

about the upcoming elections. If the GOP looses the White House and the Democrats keep or increase their hold on Congress, a lot of the Bush Administration (including the top two) could end up in PMITA prison once their crimes are exposed. Given that motivation, they will stop at nothing to win, including a False Flag scenario. Plus, after their success in Ohio 2004, electronic vote tampering is child's play to them.

Re:Deeply concerned (0)

Anonymous Coward | more than 6 years ago | (#20117145)

> If the GOP looses the White House and the Democrats keep or increase their hold on Congress, a lot of the Bush Administration (including the top two) could end up in PMITA prison once their crimes are exposed

On what charges? The Dem-controlled Senate and House are voting to legalize several of those crimes this very weekend. You think they haven't figured out why the legislation's been drafted as specifically as it has been, and why passage is so urgently required? Yeah, I guess you don't. I'll bet you think there are two opposing parties in Congress, too.

Super-popular?! (1)

belg4mit (152620) | more than 6 years ago | (#20115955)

'Common' ne 'popular'

Heh (1)

nnn0 (794348) | more than 6 years ago | (#20116027)

When will you guys understand. These machines aren't made by idiots, but by very competent people indeed. How many crazy presidents do you need to get a clue ?

solid state? (1)

Sadsfae (242195) | more than 6 years ago | (#20116029)

why not make a solid-state device for this?

Re:solid state? (0)

Anonymous Coward | more than 6 years ago | (#20116091)

because in the computer world, no such device truly exists?

Why the hell use a "real" computer? (2, Interesting)

The Master Control P (655590) | more than 6 years ago | (#20116057)

The purpose of a voting machine is to increment integers and later add them together. There's no excuse to use anything more complex than 74xx logic chips...

Re:Why the hell use a "real" computer? (1)

jfmiller (119037) | more than 6 years ago | (#20116857)

Actually we'd prefer that the machines not do either of those tasks. Instead, the machine needs to provide an accessible on foolproof user interface for generating valid ballots. If it can count the ballots great, but we don't want to have to trust the machines count.

Re:Why the hell use a "real" computer? (1)

dbIII (701233) | more than 6 years ago | (#20117963)

There is an excuse. Some kid that is related to the boss can put something together in VB and they can keep all professionals that are supposed to have a code of ethics out of the loop.

Insecure (2, Interesting)

Anonymous Coward | more than 6 years ago | (#20116093)

If we're admitting that those machines are vulnerable to hacks, is there any guarantee they weren't hacked before...say in 2004?

And if so, should this not call into question the legitimacy of the reigning monar^H^H^H^H democratically elected Shrub on Pennsylvania Ave?

No matter what (1)

Calpse (1134185) | more than 6 years ago | (#20116225)

Even if the vote is true, once the votes have been tallied, the winning party picks representatives who cast the electoral vote. Thing is, those representatives can vote for whoever they want. So far this has never changed an election but it could. There is no such thing as an unhackable computer. It sounds like all these voting machines are on a network, why not make each machine totally seperate? Make them not part of a network at all. Then at the end those voting counter people could just plug them into something and have it print out the votes. Then even if a hacker could hack one. It would just be one. Sure he could make it so that that one machine was several million votes for one side or the other but then wouldn't the people there notice when all the other machines have a couple hundred votes on them and the one hacked one has millions? The hacker would have to make it a reasonable number and to change the outcome of the election, hundreds of machines would have to be hacked. I think that it would be hard to hack that many without someone finding out.

Re:No matter what (1)

SoapBox17 (1020345) | more than 6 years ago | (#20116751)

Actually, they cannot vote for whatever they want. An elector who changes their vote to someone other than who they "pledged" to elect is called a "faithless elector." 24 states have laws on the books to punish faithless electors. See the Wikipedia Article [wikipedia.org] .

Re:No matter what (1)

Calpse (1134185) | more than 6 years ago | (#20117285)

Thank you for the info. I did not realize that there were laws about that. I still have to point out that more than half of the states don't have laws to enforce electors to vote for who they pledge for.

USA geeks please take action (3, Insightful)

Anonymous Coward | more than 6 years ago | (#20116271)

Please, if you are a USA geek and care about the integrity of your democracy, force the public to take notice. You think they are going to care if people say that something is theoretically possible? No, they think it's a conspiracy theorist, or, at best, "The government would never let that happen, would they? I'm sure somebody is taking care of it." The only way to fix this is to make the public realise that this directly affects them. Otherwise they are too apathetic and myopic to do anything about it.

So rig the next election. And I don't mean for Mickey Mouse, that can easily be caught and covered up on the day. It has to be a landslide for a believable candidate. Write an encrypted letter to your local newspapers beforehand that explains what you are going to do and how you are going to do it. Leave a marker on the system to prove that you were there, and mention it in the letter. After the election, send them the key that decrypts the letter, proving that the recent landslide was totally rigged. For bonus points, own up to it instead of doing it anonymously, but only do this if you have an impeccable public persona. Rosa Parks wouldn't have had quite the impact she did if she dealt weed on the side.

If you don't do this, somebody less honest than you will. They may already have done it. The only people who can solve this are honest American geeks.

DUPLICATE (2, Informative)

zestyping (928433) | more than 6 years ago | (#20116281)

This is a duplicate of the (still front-page Slashdot) story [slashdot.org] posted by CowboyNeal.

Please post a story about the Secretary of State's decision [ca.gov] restricting the use of these machines.

Re:DUPLICATE (0)

Anonymous Coward | more than 6 years ago | (#20117761)

DUH is for be dupe cawz them does do have same topik!

Sandbox (1)

Karl0Erik (1138443) | more than 6 years ago | (#20116303)

Stuff like this really gives me the impression that USA, involuntarily or not, acts like some sort of sandbox for the rest of the world.

Re:Sandbox (1)

Aetuneo (1130295) | more than 6 years ago | (#20118073)

In which sense? As in a standard sandbox, where ideas are tested, or as in a cat's litter-box?

WHY? (1)

realdodgeman (1113225) | more than 6 years ago | (#20116311)

Why would you ever write voting machine software in VB+MS SQL and run it on Windows? A voting machine could run on any operating system, be written in any language and use any database. It is just going to count some numbers...

Re:WHY? (1)

flyingfsck (986395) | more than 6 years ago | (#20117985)

Worse - almost any Point of Sale system can be configured to tally votes. Gawd knows why they all go and design special hardware.

Re:WHY? (1)

xgr3gx (1068984) | more than 6 years ago | (#20118097)

It's because there is big money in government contracts.

If someone asks, "how much will it cost to build thing voting machine?"

The people with the contract are not going to say off the shelf hardware will work fine.

They're going to squeeze the government for every cent they can get.

Three systems were reviewed. (3, Informative)

zestyping (928433) | more than 6 years ago | (#20116347)

There were three source code reports released -- for Diebold [ca.gov] , Hart [ca.gov] , and Sequoia [ca.gov] , not just Diebold. All three systems had serious weaknesses, including viral propagation vectors. All of the reports are worth checking out.

Shhhh, God damn it. There does my bid to get (1)

crovira (10242) | more than 6 years ago | (#20116349)

"Pedro Sanchez" nominated and elected to the Federal Gummint.

Do you realize how many favors he would have owed me?

I would have been able to sleep with ALL of his sisters AND his mother AT THE SAME TIME.

Aw squat...

Re:Shhhh, God damn it. There does my bid to get (1)

dkleinsc (563838) | more than 6 years ago | (#20116957)

At least we wouldn't need to get a slogan beyond "Vote for Pedro".

Illinois (1)

ZarfMouse (154055) | more than 6 years ago | (#20116457)

> Oddly, my state of Illinois, long known for election fraud, has paper trails

There's a reason the state is KNOWN for election fraud. With paper trails the fraud gets detected.

I fear that in Diebold heavy states the fraud won't always be so apparent. It'll just be a lot of rumor and suspicion and often dismissed as paranoia.

Dubya's little brother made sure FL has diebold. (2, Informative)

DragonTHC (208439) | more than 6 years ago | (#20116707)

FL, not known for election fraud because of creative media hijinks, is rife with election fraud.

in 2000, Volusia County, FL had one precinct count up (er down) -16,000 votes for Al Gore. That's Negative Sixteen Thousand.

It was allowed to pass in the final tally.

information from the blackbox voting documentary.

New slogan (1)

Jon Abbott (723) | more than 6 years ago | (#20117239)

Maybe Slashdot should have a new political section slogan: "Politics for nerds. Your vote doesn't matter."

On the other hand, with a screwup like this, maybe Ron Paul will get the majority of votes on election day. Or maybe a write-in candidate like Mickey Mouse will get all the votes. :^) I guess that's where the electoral college comes in. Do they use Diebold machines as well?!

Re:New slogan (1)

The Iso (1088207) | more than 6 years ago | (#20118057)

Or maybe, "Politics for nerds. Only your vote matters."

How much money is involved (1)

zrq (794138) | more than 6 years ago | (#20118093)

Just how much money is involved in evaluating, buying, deploying and now investigating these machines ?

The main reason cited for moving to electronic voting is that manual counting methods are too slow or inacurate.

My own hunch would be that if we took even half the ammount of money that has been wasted on these machines and spent it on researching ways to improve the speed and accuracy of the existing manual counting methods, we would have a better system that would be both secure and clear for everyone to understand.

So? (1)

filesiteguy (695431) | more than 6 years ago | (#20118455)

Yes, we know the Diebold machines are running WinCE, the program is either VB or VC++ and the database is access.

Yet I can't help but wonder. If I gave my truck to a bunch of high school students, locked them in the gargage with it for a week, could they possibly break into it?

Get real, folks. My only question is to when DES gets out of that market. It is only like 2% of their business...

Again, the focus is misplaced... (1)

LynnwoodRooster (966895) | more than 6 years ago | (#20118527)

Good elections start with clean voter rolls. Until we also work at cleaning the voter rolls, all this smoke-and-fury over the machines is irrelevant. John Fund [opinionjournal.com] has written extensively about the issues of voter registration fraud. Sound Politics [soundpolitics.com] 's Stephan Sharkansky has worked tirelessly to uncover literally thousands of illegal registrations here in King County, Washington. Not to mention the fact that there were thousands more votes than voters...

Clean the rolls, and I bet 99% of all "election fraud" issues go away... I'd say force everyone to reregister, nation-wide. Proof of citizenship and proof of residence must be provided, or you don't get to register. Provisional ballots? Throw them out... Mail in ballots? Unless you're physically incapable of making it to the polls (medical condition or overseas), you gotta get your butt down to the polling station - no mail in ballots for you. And you have to provide proof of identity at least as good as if cashing a check at a bank - two pieces of ID, please.

The power of the vote is one of the most important powers that citizens have. It should be protected and cared for at least as vigorously as the Bill of Rights. The fact so many scream about supposed infringement of their "rights" but are lackluster at best towards voting is truly the scary part...

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...