An Open Letter To Diebold

jcatcw writes "Computerworld's Rob Mitchell tells Diebold President and CEO Thomas Swidarski how to regain Diebold's reputation instead of throwing in the e-voting towel. He recommends full disclosure of all existing problems, a process for disclosure of future problems, hiring of some real professionals as CTO and as an advisory group, and public testing. 'Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence.'"

VVPTs!

[Anonymous Coward]

They left out what may be IMO the single biggest factor if you're going to have a DRE voting machine: a paper trail!

I don't care if it's open source, audited, proved correct, or whatever, I would probably feel more comfortable with a machine from today plus a printer.

I'm not really holding my breath on this...

[SeaFox]

He recommends full disclosure of all existing problems, a process for disclosure of future problems, hiring of some real professionals as CTO and as an advisory group, and public testing.

My recommendations:

• Make the code simple and open-source.
  
• No last minute "patches" being applied by Diebold personnel on election day with no explanation why or review of the code beforehand. The machines should be frozen for most purposes when they're shipped and completely at least 72 hrs before election day.
  
• Do a "dry run" of the election equipment to make sure everything is working properly before election day! I keep hearing about what sound like fairly simple problems cropping up at the polls that make you wonder if they do any testing at all on these systems before releasing them.

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence.""

When did they make a secure ATM?

The customer drives security.

[Paleolibertarian]

ATM's are bought by banks. As much a $250,000 can go through one ATM in a weekend. (Maybe more) The banks demand security. Voting machines are purchased by bureaucrats who probably use "password" for their office PC password.

i have to ask

[blackcoot]

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence." — has diebold actually made secure ATMs?

secure enough

[Russ Nelson]

Diebold ATMs aren't "secure"; they are merely secure enough that no further investment should be made in them because the losses are cheaper to accept than the cost of the increased security.

The ugly truth of voting is "lots of votes get flushed". The reason we trust our system of voting now is because we have partisan poll watchers who are making sure that the other party doesn't take liberties. In other words, little old ladies. No, all respect due to little old ladies, but do you think they feel confident being in charge of any kind of new technology? If they're wise, they won't be.

ATM Security

[kg4czo]

The Fed regulates the security involved with ATM's. Every last detail is laid out, down to the 3DES encryption. Nothing regulates voting machines, and no sign of QA. Diebold didn't care, nor did the beurocrats that signed the damn order to unleash these pieces of shit on our population. Let's hope someone gets sued outta the shitstorm, and things change..... But I'm not holding my breath.

Why electronic?

[paulthomas]

Maybe paper offers a greater degree of transparency than electronic bits. We shouldn't hope for more secure electronic voting machines, but rather a public realization that sometimes "if it ain't broke, don't fix it."

Sure, cryptography, open-source, signed binaries, etc. begin to offer the transparency we need in voting, but at the moment, the expense greatly outweighs any conceivable benefits (what, no need to argue about chads?).

Paper voting works. Distributed counting means less impact from an individual case of polling-place fraud, and the paper record can be stored for a public recount where many eyes can verify the results.

Shouldn't be secret

[Cracked Pottery]

The design and source code of the machines should be public information. All of them. There should not be any IR or wireless connectivity. That includes the tabulators. Touch screen voting is slow, dumb and expensive. Complicated elections eat up time. Optically scanned ballots only need a few additional tables to accommodate a heavy turnout. Machine time per ballot is minimal, and the ballots can also be counted by hand.

Surely there are more than enough reasons

[A beautiful mind]

...why voting machines can't work:

"Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence."

ATMs are much easier to make. The ATMs _can_ trust the bank. The user can easily verify if the ATM works or not because they leave a "paper trail" (um hello, if it wouldn't give precisely the amount of cash out that you requested, wouldn't it be a little bit suspicious and wouldn't people have noticed it?).

Voting machines cannot trust neither the user, nor the authorities and to top it off it has to be verifyable to both. In short, a much harder problem.

The requirements to verify the voting process if paper ballots are used: being a non-retarded human being and a small amount of time.
The requirements to verify the voting process if voting machines are used: electrical engineer and programmer proficient in all related languages and access to the source code, months of time verifying the voting machine, then making sure the voting machine used at the election is the same one you verified.

If you look at it from the average person's perspective: in the first case the voting process is transparent for the average person. They understand and if they want, can verify the local process. Paper voting also gives a much better accountability to the overall picture. You generally count the votes locally, then make a official log about it, send the result up in the chain. Then when the overall results are known, you can check the website or whatever to see whether the numbers up on the website about the local results match with your local results you have in your hands. I know that if they didn't it would be found out pretty quickly because at least some people do make this comparison. So now we know that the local results on the website match the local results in the local voting stations. Now you can just simply add up the local results to check the big picture, whether it matches. At least some people will do that, so you can be reasonably certain that the results are pretty accurate, because to tamper with the outcome you would have to modify things on a local level at lots of places simultaneously and since we're talking about paper you'd have to involve a lot of people so we would know about it if someone attempted it.

In the second case, even if you would have the overlapping skill requirements to verify stuff, you still need to have the time and the access. Then, votes are tabulated not at a local level, but a step above, at a regional level, so you reduced the number of places you would have to tamper with in order to skew the voting process. Since it is a complex electronic process which few people understand exactly, you can modify the results involving much less people and can do it in a much more stealthy way. Since it is electronic, carrying out the act on a wholesale level is not a problem for the bad guys. You got to ask the question one time: which is easier: simultaneously manipulating a few tonns of paper scattered across the whole country when they are guarded by thousands of people, or voting machines coming from two main sources, two companies which aren't guarded at all, or to be more precise, people are forbidden to guard them (source code-wise) and even if you would attack not at the source code level, but at the regional counting level, then it's still much easier to tamper with than with paper.

We have to face it: not even an open source voting machine is good enough. It's much easier to simplify the ballots to catch up with the only positive thing voting machines provide, than to design an electronic system capable of transparent, accountable voting. Even if you take a barebones microkernel/firmware voting machine, it is still a hundred thousand(*) times more complex than paper voting.

*I just pulled that number out of my ass, but I think most people underestimate the complexity difference between the two methods.

Why would I want Diebolt to regain its reputation?

[Project2501a]

You guys are missing the point:

Given that:
1) the CEO, all of current management, sales and computer programmers who kept their mouths shut, remain in place,
2) the CEO being the same person who pledged to bring the elections over to the Republicans,

what would a solid reason be which would give me ANY, even tiny, reason to put ANY amount of faith, back into Diebolt?

Wait, who cares if diebold *can* do it?

[np_bernstein]

First off, the United states has MASSIVE Debt right now. Diebold, secure or not, is HUGELY overcharging. There are perfectly good alternatives [openvotingconsortium.org] which are OSS & Free. Now - I like open source, but I have no problem with commercial software. Hell I work at Microsoft. Voting systems are one place where the code should be open. This is one system that should be maintained by the public & the government and not a penny should be exchanged for it.

Now, I'm all for people making a living at developing commercial software. Diebold has smart people and they can figure something out to make a buck. Heck, as far as I'm concerned, if they can meet some standards they could sell the hardware. But - the US Debt per person is $28k each [brillig.com]. Isn't there other things that we could be using the money we're spending on voting machines on? Here's some that I can think of:

• Balancing the budget
  
• Research & Development Grants
  
• Education Loans/Grants
  
• Small business loans/Grants
  
• public financing of elections
  

Anyway, just $0.02
-n

think bigger, and simpler

[pascalpp]

The problem with electronic voting machines is dwarfed by the problems inherent in the way voting is done in most states. Oregon has been using vote by mail for 10 years and they consistently have higher voter participation than every other state and practically no fraud. What's more, voters are better informed about the candidates and issues they're voting for and have time to research before voting. To learn more, check out: http://www.votebymailproject.org/whyvotebymail.htm l [votebymailproject.org] Electronic voting is cool, especially for a user interface geek like me, but in this case, simpler is better.

Public votes have no place among corporate persons

[tykinnison]

The point, I hope, that does not get dimissed, is that our votes have absolutely no place being counted by private interests. None.

Beta Testing on Voters

[secondhand_Buddah]

Rob Mitchell is missing the point. You cannot run an election on beta software. You cannot use a real election as a beta testing process to debug your software.
Diebold should be treating their voting machines with the same reverance as NASA treats their operational platforms because, like space flight, there is no second chance in an election. You cannot just restart the process and continue. If a voting platform fails, the entire election process effectively fails. Diebold needs to do the job properly the first time, and if they can't then they must be man enough to admit it, and get out of the game early.