Diebold Threatens Wary Voting Clerk

An anonymous reader writes "From the Salt Lake Tribune: a wary county clerk called in BlackBoxVoting.org to test the integrity of Diebold voting fraud machines, part of a recent $27 million statewide purchase (to make sure that only the "Right" candidates win). Diebold goon says machines are now jinxed and it may cost up to $40,000 to fly in a company witch-doctor to make sure there were no warranty violations. Since EVERY SINGLE VOTER who uses these machines is a potential hacker looking to alter election results, why is Diebold so concerned? "

Answer

[daveschroeder]

Since EVERY SINGLE VOTER who uses these machines is a potential hacker looking to alter election results, why is Diebold so concerned?

Because EVERY SINGLE VOTER isn't allowed a level of access to the machines to presumably perform an audit or otherwise tamper with and/or view the inner workings of the machines.

The solution is quite simple:

- Have a permanent, voter verifiable, auditable, and recountable paper trail (a feature Diebold and ES&S both offer)

- Have an open source system (which actually isn't at all required if the above condition is met)

Shouldn't voting machines be regulated?

[amightywind]

I have worked in the regulated fields of avionics and medical devices. You would think that federal and state governments would have regulations governing exhaustive testing of electronic voting machines against requirements to avoid conflicts like this. What is a secretary of state's job but to prevent pissing matches like this? I don't blame Diebold for not wanting some 3rd party yahoo breaking seals on their machines. But they can't point to a documented, legitimate qualification process to allay their customer's valid concerns. This is lousy engineering of the kind that pervades traditional IT.

Forget the Diebold bashing...

[the_real_bto]

Why is everyone so hung up on: "Why aren't these machines inpenetrable to all sorts of physical attacks?"

Who cares how physically secure the machines are or aren't? Even if the machines were tamper proof (which they should be), who cares? The real problem here is that we have a closed vote counting and verification process. That is unacceptable.

Elections and the vote counting process should be completely and utterly transparent. I trust no machine to count votes. If we use any kind of machine, it should be verified by random human recounts.

This is not the kind of problem for a clever or slick solution. The only sane solution, IMHO, is to apply the KISS principle. Keep it Simple Stupid.

couple points of info

[frankie]

The article blurb here is low on detail and high on gasoline, so here's some tidbits:

1. Emery County is majority Republican in both population and voting.
2. Bruce Funk was not skeptical of the machines until after inspecting them.
3. He was, however, a bit worried that the state expected local officials to be responsible for all problems, but mandated the use of these machines.
4. He then noticed that supposedly identical & pristine machines had widely differing amounts of free memory.
5. Rather than go to the state or to Diebold, he called Black Box Voting [bbvforums.org].
6. It's really doubtful that (as Diebold claims) font differences could eat up 20MB.

Re:Answer

['nother poster]

- Have a permanent, voter verifiable, auditable, and recountable paper trail (a feature Diebold and ES&S both offer)

Sorry, but according to Diebolds web site...

All ballots cast using the AccuVote-TSX are immediately encrypted and stored in multiple locations within the voting station to provide secure system redundancy. Non-volatile memory is used to ensure election results are securely protected. At the end of the voting period, the integral thermal printer within each AccuVote-TSX can print election totals for the specific voting station.

Notice the At the end of the voting period? They do not offer individual paper audits/confirmations of the votes cast.

The Machine shouln't matter....

[bradgoodman]

There was a very popular book (I believe now out of print - published in 1994 - "Applied Cryptography".) In it - it had a very good example of "secure voting". (I believe this concept has been published/discussed outside of this text - sorry to those who might have came up with it.) To try to summarize (removing cryptographic references where possible) - everyone gets a "ticket" saying they voted - and everyone gets a (separate, non-trackable) "ticket" saying *what* they voted for. Lists of both "tickets" are made public. Anyone and everyone can verify that their vote was cast and recorded properly. The point here - is that the the security in the system isn't in the machine, but rather in the system. Wouldn't that make more sense??

Some more information about the testing...

[no haters]

Over at blackboxvoting.org they have some more information about what tests were actually run on the machines, what they found, and what diebold's official response was. Apparently, BBV did not actually do the tests themselves, they arranged for 3rd party security experts to go in and do the analysis.

Here's the link:

http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/19743.html [bbvforums.org]

It's on black box voting's website, so obviously it will be biased, but at least it gives more detail than the gloss-over provided by the tribune.

Re:what does it matter?

[plague3106]

Not sure if you honestly don't understand the post or not, but there are 40 to 50 items on which to vote. So some questions will be for filling various offices (like school boards) others will be laws or a way to give those in office an idea how people stand on the issue.

For example, besides electing a new mayor, we voted on what is to be done with a vacant building on the waterfront, whether to keep floride in the city water system, etc.

It is a serious problem.

[Irvu]

In answer to the poster's question Diebold is behaving this way because the machines are not secure nor can they be. Anyone who gets a close look at them can see that. Diebold, like ES&S, and Sequoia is opting to muscle in and abuse people rather than admit that no machine is perfect and try to make them as good as possible.

The companies have done similar things in other states. In Florida All 3 have refused to sell any systems to Volusia County. The county's Election Director Ion Sancho was the one who allowed his systems to be tested for security and discovered the "Hrusti Hack" namely whereby the machines will load arbitrary code stored on their memory cards and execute them. Such a hack makes it trivial to change ballots, erase totals, etc. It has since been shown that systems by Sequoia Inc. are vulnerable to the same hack.

Volusia county is also the county that caused Al Gore to initially declare defeat in 2000. During election night Al Gore was leading Bush with a comfortable margin. At 10om someone uploaded a card that reported -16,022 votes for Al Gore and 10,000 for some socialist canidate all from a precinct with 600 voters.

This card passed all of Diebold's stringent "safety checks" (whatever the hell they were) and changed the statewide totals putting Gore well behind Bush. Gore declared defeat. After that the county discovered the errors and reset the system claiming that the new totals were correct. Nevertheles the fact remains that the card got in, was loaded, and threw off a U.S. Presidential election.

Now the companys won't sell to Volusia and are telling the state and the feds that it's Sancho's fault because he wants to test the systems for security. Florida's Governor Jeb Bush (brother of shrub) has also personally blamed Sancho for putting the state behind.

Meanwhile the Department of Justice is threatening to sue the state or withold funds because the county has not bought new systems even though noone will sell said systems to them. The idea being, apparently, that he should just sell out the elections.

At the end of the day the collusion and bullying going o by the companies, by the U.S. Government over HAVA (written by Bob Ney former congressmen for Diebold and now a leading figure in the Abramoff corruption investigation) and by frightened state governments is insane. At the end of the day the only losers will be the American People, of all stripes.

Why Deibold, and not these guys?

[homebrewmike]

http://www.openvotingconsortium.org/

Government has to be transparent. If it isn't? Draw your own conclusions.

It's a little embarrasing that the "Bringer of Democracy" can't even be trusted to roll out a fair voting system.

Re:what does it matter?

[swillden]

o you've never heard of having a different voting slip for each actual office position then... and putting the marked slips in the correct boxes makes things easier at the counting places as well

We'd need at least 30 boxes. That's just impractical. Come to that, it's better to put everything on one paper ballot and then figure out how to count (which is what has been done for many, many years).

You have to remember how governments are structured in the US. City, County, State and Federal governments are all separate, and we vote for offices for each. Within each government, executive, legislative and judicial branches are separate, and we vote for people in most of them. On top of that are ballot initiatives at the city, county and state level.

Whether or not having so many choices actually improves democracy is an open question, but this is the system we have, and the voting approach must work with it.

County Clerk != Voting Clerk

[ishmalius]

Just a short civics refresher: A voting clerk is usually a retired little old lady volunteering to watch a polling station. A county clerk is a prominent elected official. Depending on the laws of the state, the county clerk likely has more than sufficient legal powers to call the election procedures into question. The summary makes the person sound like a poor downtrodden powerless gnome being bullied by an evil corporation. Maybe the story should tilt just a little bit in the other direction. But, still, more power to anyone who fights this questionable product.

Read BlackBoxVoting for better info

[Anonymous Coward]

However, by not informing the commissioners of his desire to have a third-party examine the machines for flaws or outright corruption, he has invalidated any findings by Black Box since it is true no one knows what they did or did not do. The correct process would have been to tell the commissioners of his desire for a third-party review and if they objected or if Diebold objected, he could have explained his reasonings why he wanted another set of eyes to check things out (which is pretty much what was said in the article). If they refused the request he would have a much more firm standing to say whether or not the machines will do what the manufacturer claims they will do since by not allowing the examination it would appear that they, either the commissioners or Dieblod (or both), have something to hide.

Not exactly. According to the contract with Diebold, Bruce Funk had the right to arrange for an independent evaluation. From this link: http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/19743.html [bbvforums.org] "Bruce Funk, the elected official who has run elections in Emery County for 23 years, noticed a critical shortage in flash memory/storage in seven of his 40 brand new Diebold machines. He arranged for an independent evaluation, a right granted to Utah county officials in the Diebold contract. Black Box Voting secured the services of Harri Hursti and also Security Innovation, Inc. for the Emery County evaluation."

Are you aware of the test in Florida?

[VP]

Black Box Voting demonstrated in Florida that whoever has access to the flash memory card, used to keep track of the votes can determine the results of the voting on that machine: http://www.bbvforums.org/forums/messages/1954/1559 5.html?1141791589 [bbvforums.org]. No tinkering with the machine is necessary.

I would say even the submitter's point of view is not biased enough - Diebold should get a corporation death penalty [corpwatch.org] for even agreeing to provide voting machines without paper trail. This is such no-brainer, that no amount of outrage is sufficient.

Re:Diebold earned bias, but it's partly ATM protoc

[pthisis]

If the printer inside jams, it stops accepting transactions.

Well, I've never seen one jam; but I've seen them run out of paper plenty of times and keep right on running transactions.

I doubt you've seen this with the internal printer. Remember the parent said: "When you use a Diebold ATM, it prints a paper trail inside the box, and gives you a printed receipt with a transaction number that can be matched to both the internal database and to the paper trail inside. If the printer inside jams, it stops accepting transactions."

ATMs will continue running if the external receipt printer jams/runs out of paper/etc. But they stop accepting transactions if the internal printer (that prints the internal paper audit trail) jams.

Re:Voting or gambling

[zippthorne]

Actually, the answer to your question is, "yes."

Of course, you have to know about it a couple of months in advance, so an "absentee" ballot can be sent to you, but there is no requirement that you actually go anywhere to get one. They are offered to shut-ins for instance.

Re:Troubling, indeed

[jc42]

So the solution is obvious: every Diebold electronic voting machine is to be guarded by a member of that state's National Guard, with orders to kill anyone who attempts to touch the machine.

It wouldn't help. Google for "voting machine infrared port", which gets about 800,000 hits right now. It seems that at least some Diebold machines come with an IR port. This makes it possible for someone with a laptop or handheld to connect to the machine from across the room. No actual physical contact is needed.

Actually, I wonder why they do this. An IR port uses an externally-visible "antenna". With wi-fi the port can be internal, without anything visible to give away its presence. And it wouldn't need line-of-sight access, either, so it would be a lot harder to detect.

Preventing on-the-fly tampering with electronic voting equipment could be rather difficult.

I took apart an ES&S touchscreen voting machi

[goombah99]

I went to a demo-day for voting machines. When I got to the voting booth no one could see what I was doing. So I flipped over the machine, and removed the back panel. I yanked out the voting flash cards. put them in my pocket. Then I took them back out of my pocket and put them back into the machine. This was all done while two vendors stood 3 feet away watching just me. their was no curtain either, just the carol enclosure was sufficient to obsure their view.
Not making this up.

I noticed that the next time they cam to town thie newer model which has a paper logger attached no longer fit in the voting carol, So it was mounted on a stand and this would have been slightly harder to flip upside down. On the otherhand if I were a poll worker this would not have been a problem. The places where the tags and seals attach is easily defeated since you can snap out the plastic hinges.

The point here is not that you fould not make one with a better design but that they chose not to. Just as diebold chose to use interpreted code on the ballot configuration cards that has the authority to re-write the vote files.

SO it's not that you cannot make a secure system--eventually--but that there isn't even the slightest effort to attend to some mac-truck size holes. they know they are their and they prefer to hide them in propriatary obfuscation not secure them. These are not people we can just trust because they seem nice. You have every right to be 100% skeptical because every time someone looks hard we find they are not fixed right.

Re:Well, I think he got it almost right

[swillden]

I think the State Election Commision should hire and independent consultant.

And how do you know the consultant isn't in on the attempt to rig the election? Or the State Election Commission?

An election system should be designed so that no one person or group of people have to be trusted with the results of the election as a whole. The process needs to be open and public, and simple enough that anyone with a brain and interest can satisfy themselves that the thing is reasonably secure.

Except there's no way to do that with electronic voting systems.

Re:obvious problem here

[Coryoth]

Paper elections have been forged before. Why should we believe that a forgeable system makes an insecure system secure?

I think it's a question of redundant systems which can be independently verified. What would I like to see in an electronic voting system? I would like machines with a published hardware design, open source code according to full published formal requirements with a formal specification, published correctness proofs, and verification of the code against the specification, backed up by a redundant system of paper reciepts (turned in at the voting centre).

Sure, that sounds like a lot of trouble, but if ever there was a situation where all the open specifications, formal theorem proving and code verification were worth the cost and effort surely voting would be it. It provides a number of independent ways to verfiy that things are behaving correctly.

Jedidiah.

Re:It is a serious problem.

[dch24]

This is huge. I would really like to learn more about what happened in Floriday. Can you give me some sources to read?

Thanks!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Why not ask Diebold.

[Irvu]

Their internal e-mails (now leaked) confirm what I said:
http://www.scoop.co.nz/stories/HL0310/S00211.htm [scoop.co.nz]

Re:Historically inaccurate

[swillden]

They even tried to move the 'voting' to a back room. You can't believe that was a good system?

Yes, I do believe that is a good system.

The difference between the situation you describe and a purely electronic solution is that in the latter you'd have no idea there were any manipulations going on.

The manual system is creaky and requires lots of oversight, lots of debate, lots of ongoing scrutiny, but at least it's *visible* (note that they tried to move to the back room, but failed).

Untill we get ID requirements to vote the machine and count error will remain much smaller then the registration error (or as they said in Chicago, 'Vote early and often').

Agreed that registration is a bigger issue. I don't think ID requirements are the problem -- at least in my state (Utah) you already have to present valid, current, government-issued ID in order to vote. The regisration issue (here, at least) isn't so much a problem of excessive voting, but of excluding people, preventing them from registering and therefore voting.