Worst Ever Security Flaw in Diebold Voting Machine

WhiteDragon writes "The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."

Diebold lobbied slashdot...

[Volante3192]

Nothing for you to see here. Please move along

That's exactly what Diebold wants you to think...

Re:Diebold lobbied slashdot...

[cmbondi]

These are not flaws, this is intentional and is part of the process of how the criminals in the white house got there and are able to stay there. Democracy ended in this country over 6 years ago.

Re:Diebold lobbied slashdot...

[rworne]

Your number is a bit low. It's more likely Democracy ended when the people running the country stopped being called "Statesmen" and became "Politicians".

BTW: The mod war on the above post should prove interesting.

Re:Diebold lobbied slashdot...

[saider]

There was a Bloom County cartoon where Opus is preparing for the debate, looking in the mirror and talking himself up. The converstion goes something like this...

--
Opus (to himself in the mirror) : Yessir, you are looking like one fine statesman.

Mirror: You're a politician.

Opus: I am not a politician! I am a statesman!

Mirror: A statesman is a dead politician.
--

Truer words have never been said.

Re:Diebold lobbied slashdot...

[paiute]

Your number is a bit low. It's more likely Democracy ended when the people running the country stopped being called "Statesmen" and became "Politicians".

Actually, the history of American electoral politics is pretty interesting. After Washington's second term, the process rapidly went downhill. No "Statesman" appears in a true reading of the times. The slander, libel, ballot box stuffing, vote stealing, etc. were common and expected. We are probably in the most inclusive, cleanest period in American history, which should tell you how bad things were.

Re:Diebold lobbied slashdot...

[kimvette]

No, it ended when only a minority of citizens bothered to register to vote, and only a minority of those actually bother to vote.

Re:Diebold lobbied slashdot...

[apotheon]

I'm a little mystified by the common belief that more idiots voting will fix anything. The problem isn't a low voter turnout: it's a low incidence of self-education about politics, and a low incidence of the ability to reason clearly, that is the problem with the US electorate.

Re:Diebold lobbied slashdot...

[nido]

... and a low incidence of the ability to reason clearly, that is the problem with the US electorate.

This is why it's important to subvert a country's system of education first, before taking over the rest of the government.

Horace Mann (instigator of the compulsory government school) was much enamored with the Prussian system of schooling, which inspired in the subjects passive obedience to the government (source: Two Hundred Years of American Educational Thought, by Henry J. Perkinson). He thought he could take the good parts of the system without the bad. Haha...

... But his [Mann's] contention is that this spirit of the system is separable from the manner of teaching itself. And here American teachers can learn much.

The Prussian schoolmaster, he [Mann] discovered, combined complete mastery of subject matter with superb pedagogical finesse. They taught from "the head," never relying on a textbook. Beginning not with abstract theories -- neither principles, rules, nor axioms -- but with objects and phenomena familiar to each child, these master teachers encompassed elements of reading, spelling, writing, grammar, drawing, and general information into every lesson. Students in the Prussian schools, unhampered by the artificial formalisms of rote memorization, enjoyed learning; the liked their teachers and held them in high esteem. The teachers rarely used physical punishment; they secured discipline through the affection and respect -- even awe -- the students had for them. The Prussian schoolmaster was the complete authority; children unquestionably accepted and believed what he said.

Horace Mann dreamed of making American teachers as authroitative as their Prussian counterparts. ... (Perkinson pg. 77. Italics in original, bold my emphasis)

See also John Gatto's Underground History of American Education [johntaylorgatto.com]. Gatto tells us in his works [edflix.org] that a Prussian "education" is exactly what we receive in the standardized government school experience.

So remember: The purpose of government schooling is the installation of obedience in the population, so the masses won't mutiny when word gets out that we're being screwed [prisonplanet.net] (this story also) in a dog-and-pony-show [m-w.com] sorta way.

Re:Diebold lobbied slashdot...

[Kadin2048]

I got another one you'll love:

Q: Does it run Linux?
A: It does now!

Re:Diebold lobbied slashdot...

[Da_Weasel]

I think the real question is: How long can I play TUX Racer off of a bootable flash card before the voting officials figure out that something is up?

Re:Diebold lobbied slashdot...

[Da_Weasel]

I beg to differ. I belive this is the worst security flaw yet:

http://video.google.com/videoplay?docid=8112825559 202389150&q=hacking+the+vote [google.com]

Re:Diebold lobbied slashdot...

[schtum]

So what you're saying is, in the old days, only a small group of elites could tamper with election outcomes. Now anyone can do it! Truly, a great day for democracy.

Re:Diebold lobbied slashdot...

[MillionthMonkey]

With Diebold, anyone can tamper with an election outcome- even you, yes you. Refer to my current sig.
It is truly an empowering experience to tamper with an election- you'll be more enfranchised than all your neighbors on your street put together.

Re:Time for drastic action soon?

[unitron]

"...until there is real fraud, in a real election, nothing is going to change."

I'd be flabbergasted if there hadn't already been. Until real fraud in a real election is detected and proven, nothing is likely to change.

Re:Diebold lobbied slashdot...

[schtum]

There have been reports [internetnews.com] of poll workers being allowed to take electronic voting machines home with them the night before the election. Even if that weren't the case, lots of people have access to these machines in the days/weeks/months leading up to the election. There's nothing about this hack that requires it to be performed the same day.

When Will Politicians Wake Up?

[telbij]

You'd think in this day and age we'd have some idea of how to create a secure voting system. Unfortunately it doesn't seem like much of a concern to the politicians. They assume computers are more secure than paper because they don't understand them. Nevermind all the computer scientists warning about the pitfalls of electronic voting. Let's just trust this Diebold sales guy over here! We know he's telling the truth because of the billion dollar contract!

Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

wrong question

[BitterAndDrunk]

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

Re:wrong question

[oyenstikker]

Not until after the people wake up.

Re:wrong question

[jandrese]

If you let all of those other people wake up first there won't be any hot water left for your shower.

Re:wrong question

[Thorsten Timberlake]

Yeah, like that was ever a problem for slashdotters...

Re:wrong question

[telbij]

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

Good point. I guess I figured the one thing politicians should know something about is voting. If it's up to the people then we're pretty much doomed, because the American people don't know and don't care about politics. At this point we're so swamped between work and entertainment that the only way to generate political awareness is if it becomes a fad like it did in the Vietnam era. Either that or a lot more Katrina-style disasters to destroy people's television sets.

Re:wrong question

[Thuktun]

Either that or a lot more Katrina-style disasters to destroy people's television sets.

That "Hurricane Katrina" was a pretty popular reality show. It got coverage on multiple networks and got pretty good ratings. That "Bring 'Em On!" guy even had a guest appearance.

I wonder if there will be a new season of it this fall?

Re:wrong question

[955301]

you suspected correctly. The current rep, Tom Feeney, representing South Florida rigged the US 2004 election election for his post.

http://www.youtube.com/v/7WmC4grXdIk [youtube.com]

http://www.house.gov/feeney/ [house.gov]

very interesting video. The computer programmer explains what he was asked to do. He gets stupid at the end though and starts rambling off topic, but I blame that on too much time on Slashdot.

Re:wrong question

[__aanonl8035]

Did the video really need a soundtrack? When trying to convey information, I become a little irritated when their is some emotional song jingling in the background of the clipped together sound bytes that is trying to induce an emotional response.

Re:wrong question

[idesofmarch]

I missed the computer programmer. When did he talk? There was a bit about Diebold in the beginning, but nothing about the programming of the machine.

Re:wrong question

[ArcticCelt]

...well aware of the "flaws"...

A flaw? Nahh that one is definitively someone's feature.

Re:wrong question

[Y2]

When will the people wake up? I suspect (some) politicians are well aware of the "flaws" found in the system.

The world makes a lot more sense if you assume that at least a few politicians understand things things quite well.

Re:wrong question

[megaditto]

One man's "flaw" is another man's "feature". But really, hacking is not a problem if there is a paper trail mechanism in place.

Is it that hard to put a thermal printer behind a glass shield: a voter can view his vote on paper tape. The current record is hidden when the tape is fed-forward for the next voter.

Random spot-checks can ensure that a machine reported same number of e-votes as paper-votes. Say, check 500 machines at random, if they all function correctly, accept the electronic results for the whole country.

Re:wrong question

[Keebler71]

I don't understand this obsession with having a "paper trail". How does having a paper trail make the results any more verifiable? What if there is fraud in the paper trail? What if ballots are (somehow) stolen from (or added to) the paper trail container? How would one distinguish between a good electronic count with a bad paper trail, and a fraudulant electronic count with an accurate paper trail? My point is, without a third independent source, all you know is that there is a disagreement - there is

Are you serious?

[TamMan2000]

Paper trails are just as susceptible to fraud as electronic systems.

Do you actually believe that or are you just playing devils advocate?

The only measure in which that can be accurate is the binary "Is fraud possible?" measure, any measure which takes into account degree of susceptibility, paper is the hands down winner.. Just for starters, we have experience investigating paper trails. There is physical evidence left behind when a paper trail is tampered with. Tampering with the paper trial necessarily require physical access. The list of ways in which paper is demonstrably superior goes on, and on...

Re:wrong question

[Intron]

Here in backward Massachusetts I make a black mark on a card which is read into an optical scanner that also securely holds the cards. The election offcials verify that the box starts out empty and ends up with the number of votes that register on the counter on top. If they don't, they can take the ballots and read 'em through again. They can even look through them by hand to make sure the optical counters are working right.

What do you do when the all-electronic system says that more votes were cast than the number of registered voters in the precinct?

Re:wrong question

[IdahoEv]

Dumb dumb dumb. Really:

How does having a paper trail make the results any more verifiable?

The same way that checksums and parity bits are useful by telling us that digital data streams have been altered and may contain errors. Even if by themselves they can't reconstruct what the original data stream should have been - the knowledge that your data stream is corrupt is by itself invaluable.

What if there is fraud in the paper trail?

Sure, someone can steal and alter the ballot box in which the paper records were stored. But that is a physical crime far harder to pull off and more likely to leave evidence.

To successfully hack the system, the bad guy would have to simultaneously alter the ballot box AND hack the computer so that they produce identical results. That combination is much harder than just altering a ballot box, and infinitely harder than just hacking a computer. If they only pull off one, then you know a crime has been committed and the election is void.

Joe teenage computer whiz can hack a diebold machine: the vulnerabilities are published. Certainly Joe Diebold programmer can sneak in malicious code. But can the same Joe simultaneously steal all the ballot boxes, forge new ballots to match the computer's altered count, and sneak them back under the noses of the election? Probably not. That requires people on the ground in many locations at once, working very fast. It's extremely hard to cover up.

all you know is that there is a disagreement - there is no way to know for sure which count is accurate.

You know the election is invalid, and you begin an investigation instead of putting the winner directly into office. If the investigation can prove which tally was altered, you still have a good election. If it can't, you hold a new election. Either way, you prevent an invalid election from potentially putting the wrong guy in office.

In an electronic system, one hacker gets the wrong guy into office and nobody ever knows because there is no evidence to even trigger the investigation.

Re:wrong question

[vertinox]

"The people who cast the votes decide nothing. The people who count the votes decide everything." -Joseph Stalin

re: the other party

[BitterAndDrunk]

Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)

Re: the other party

[scheming daemons]

Call me Machiavellian, but I'd wager this goes across party lines. Self interest of those in power to maintain said power. Just as gerrymandering isn't a one party phenomenon, neither is vote-rigging. (1968 democrats, possibly 2000 and 2004 republicans)

1968 Democrats?

If the Democrats rigged the 1968 election, they don't deserve to hold office. Richard Nixon, Republican, won the 1968 election.

oops, got the wires crossed

[BitterAndDrunk]

1960 was the suspect year for the Dems - Wikipedia entry [wikipedia.org]

1968 was the Democratic Convention riots, IIRC. (which, quite obviously, maybe I don't)

Re: the other party

[DjMd]

Oh it is worse than that...
In August 2003, Walden O'Dell, chief executive of Diebold, announced that he had been a top fund-raiser for President George W. Bush and had sent a get-out-the-funds letter to Ohio Republicans. In the letters he says he is "committed to helping Ohio deliver its electoral votes to the president next year."
Ken Blackwell (Ohio's Secretary of State (Repub)) and current canidate for Ohio Gov is the one who certifies Ohio's elections, and is the one who approved the use of Diebold's machines.
Ohio State Senator Jeff Jacobson, Republican, asked Blackwell in July, 2003 to disqualify Diebold Election Systems' bid to supply voting machines for the state, after security problems were discovered in its software, but was refused.
When Cuyahoga county's primary was held on May 2, 2006, officials ordered the hand-counting of more than 18,000 paper ballots after Diebold's new optical scan machines produced inconsistent tabulations, leaving several local races in limbo for days and eventually resulting in a reversal of the outcome of one race for state representative. Blackwell ordered an investigation by the Cuyahoga County Board of Elections; Ohio Democrats demanded that Blackwell, who is also the Republican gubernatorial candidate in this election, recuse himself from the investigation due to conflicts of interest, but Blackwell has not done so.

Re:When Will Politicians Wake Up?

[Tackhead]

> If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

That's not a bug, it's a feature. Using your numbers, that's 1000 government-approved whitew^Wsecurity auditors, and 9,999,000 potential crackers.

Politicians will wake up when President Stallman of the GNU/Hurd Party is sworn in on January 21, 2009, after taking 53% of the votes, against 47% for the OSS Party, led by candidate Eric Raymond. (Raymond credits his near-victory to having a landslide amongst the "Retired CIA/NSA Agents" demographic, on account of his party having "a more intel-friendly acronym" :)

Re:When Will Politicians Wake Up?

[mrchaotica]

You joke, but somebody seriously needs to do this. It's going to be about the only way to get the general public to notice or care.

Re:When Will Politicians Wake Up?

[gid13]

Well, yeah, a government of the people and by the people isn't going to work so well for the people when, by and large, the people are retarded and apathetic.

"I've said it before and I'll say it again: Democracy simply doesn't work."
-Kent Brockman

And no, I haven't got a better idea. Sigh.

Re:When Will Politicians Wake Up?

[Anonymous Coward]

> "I've said it before and I'll say it again: Democracy simply doesn't work."
> -Kent Brockman

This is the whole point of our form of governemnt.

The best form of government is a dictatorship with a good dictator.

The worst form of government is a dictatorship with a bad dictator.

I'll leave it to the reader to define good/bad.

What the founding father's did was set up a mediocre government. It will never be really good or really bad, regardless of what anyone currently thinks about W.

It's a standard trade

Re:When Will Politicians Wake Up?

[smokeslikeapoet]

Correct Sir, Democracy doesn't work, America's founders realized that and instituted America as a Constitutional Republic. I cringe evertime I hear a politician or judge describe America as a Democracy.

Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
-Benjamin Franklin

A democracy is nothing more than mob rule, where fifty-one percent of the people may take away the rights of the other forty-nine.
-Thomas Jefferson

Re:When Will Politicians Wake Up?

[Dare nMc]

>Here's a hint for politicians:

I think the politicians currently in power want to make sure a easy reliable quick voting system doesn't work (or at the least isn't trusted.) otherwise once that system is deployed it would be to easy and cheap to allow the voters to:
  A) vote on any issue directly, or worse yet (for them)
  b) call for a midterm election everytime they screw us with crap legislation, and be able to actually clean up the system.

Re:When Will Politicians Wake Up?

[powerlord]

B) call for a midterm election everytime they screw us with crap legislation, and be able to actually clean up the system.

Considering California's (relatively) recent forey into recalling their Governer, perhaps this is exactly what they are afraid of.

Re:When Will Politicians Wake Up?

[SpryGuy]

You'd think in this day and age we'd have some idea of how to create a secure voting system.

Of course we do. But you presume that security was a design goal for these machines. I put it to you that this was certainly NOT a design goal of these machines.

There's a reason that Diebold's banking and ATM machines are massively secure and auditable, and their voting machines, well, aren't either of those things.

Re:When Will Politicians Wake Up?

[powerlord]

There's a reason that Diebold's banking and ATM machines are massively secure and auditable, and their voting machines, well, aren't either of those things.

To take the "devil's advotate" position for a minute ...

Is that because ... ... ATM's have had years to go through many iterations to get to a "secure" and "reliable" system (that even then can have anomolies)? ... ATM's operate on a different set of assumptions? (installed in a permanent location, so switches like this might exist be be much more easily shielded from the public through physical security). ... ATM's do not have the privacy concern, which may take getting used to for a company used to tying a given transaction back to a given user? ... Electronic Voting Machines (EVM) have a smaller install base and have had less money spent on them for development? I suspect the average voting district (where EVMs are deployed) has more ATMs than EVMs. ... EVMs have to be much more flexable in allowing lists of candidates to be entered (for district elections + school board elections + statewide reforendums + national elections). ATMs have an established, and rather fixed set of functionality (although it could be argued that different ATMs can support different languages, the comparison is closer to every ATM needing to be set to dispense different amounts of money. So ATM1 gives the user a choice of $20, $40, $60, $100 and ATM2 gives a choice of $10, $30, $60, $200, etc.)

On a side note, does anyone know:
- What is the average cost of an ATM vs an EVM?
- What is the average expeted lifespan of an ATM vs an EVM?

Now, all those things aside, these problems need to be addressed, and my comments are NOT meant to be excuses.
All of these problems CAN be addressed through sufficient testing, an open specification and design process, or lots of trial an error / patch and release.

Guess which one the EVM manufactorers have chosen to go with?

No.

[raehl]

ATM's have had years to go through many iterations to get to a "secure" and "reliable" system (that even then can have anomolies)?

It's because if your ATM isn't secure, nobody will buy it, because they won't want to lose their money. If your voting machine isn't secure, the state government will buy it anyway.

Re:When Will Politicians Wake Up?

[hackstraw]

Here's a hint for politicians: If in a population of 300,000,000 only 1,000,000 are capable of understanding how the voting system works, and if only 1,000 people are actually allowed to see how it works, and if there's no verifiable paper trail or any simple and legitimate verification system, then democracy is a farce.

First, democracy may not be a farce, but it is clearly an ideal that is nowhere close to a reality.

Good, bad, indifferent, look at the current ratings of the guy who is the President of the

Re:When Will Politicians Wake Up?

[betterunixthanunix]

Of course electronic voting is not verifiable -- but after the numerous attempts to actually verify the vote in Florida back in 2000... George Bush barely made it into the white house to begin with, and congress is on his side. Why would anybody be worrying about a paper trail, when verifiability very nearly cost him the election back in 2000? With this new system, the supreme court will never have to instruct a candidate to stop requesting recounts, because there will be nothing to recount. But here in

Re:When Will Politicians Wake Up?

[MoneyT]

And can you prove that the scan tron printed was exactly what the voted intended (remember people were confused over the fucking butterfly ballots). Can you also prove that the scantron reported an acurate count for the double check? Can you then prove that the scantron sheets that were sent to be verified are the same ones that made it into the fireproof boxes? Can you then prove that the ones counted from the fireproof boxes are both all of the votes and the same accurate count from the original vote? Finaly, even if you can prove all of that, can you prove the voter voted for the person they wanted to win (again remember the buterfly ballots)?

In short, somewhere along the line, voting requires trust.

Re:When Will Politicians Wake Up?

[LordKazan]

A) The user gets to see the scantron, it is one that would be designed to be clearly, easily, human readable (it would take a real IDIOT to be unable to line up the damn rows.. have you ever seen a scantron?) - butterfly ballots and scantrons are A LOT different

B) There is a reason why the person casting a ballot gets to SEE and CONFIRM the contents of the scantron before depositing it in the firebox - if it's innaccurate a technician cancels their vote and they revote

C) this problem exists with any paper ballots, and it's is a matter of physical security outside the content of an electronic voting machine discussion - if your system cannot guarauntee this then your system is a fraud and you should just hand your country over to the fascists now [and no, the current US voting regime cannot even gaurantee this in all cases *cough*ohio*cough]

D) See C

E) see A

Butterfly ballots are not a valid analogy for scantrons - a simple correctly printed grid scantron can be read by a 4 year old.

Re:When Will Politicians Wake Up?

[SpryGuy]

You might want to read this: Fooled Again: How the Right Stole the 2004 Election & Why They'll Steal the Next One Too (Unless We Stop Them) [amazon.com]

Re:When Will Politicians Wake Up?

[nuzak]

Yeah, liberals and their damn documented corroborated facts. But they're LIBERAL facts and thus they're not factual.

Re:When Will Politicians Wake Up?

[AuMatar]

There's a problem- you're basing your argument on reality. And reality has a well know liberal bias. The right wing has been ignoring reality for decades due to that.

Re:When Will Politicians Wake Up?

[miyako]

Maybe it is an honest title? Being unbias can only go so far, at some point you have to call an duck a duck, you have to call evil evil, and you have to recognize that it's beyond simple idiological differences. All politicians are motivated by their own interests, but I cannot believe that anyone in the current administration has any misconceptions that they are not destroying the country for their own short term gains. I also honestly beleive that in the past, most politicians have drawn a line, they a

Re:When Will Politicians Wake Up?

[Serveert]

If he wants to sell an honest analysis he should give the book an honest title.

You can't judge a book by its cover, but I can't waste my time reading every single book out there just to find out whether or not it's been mistitled either.

What about studies from social scientists from UC Berkeley [evoting-experts.com]?

The study found counties with e-voting tended to tilt toward Bush, even after controlling for differences between counties including past voting history, income, percentage of Hispanic voters, voter turnout, and county size.

Then there are peer-reviewed studies [uscountvotes.org] from statisticians and mathematicians which show "Irrefutable Evidence of Vote Miscount" in Ohio's 2004 elections.

Here's an exerpt:


Ohios exit poll discrepancy pattern includes three precincts with virtually impossible outcomes and an
unusually high number of precincts with significant discrepancy.1

Re:When Will Politicians Wake Up?

[Thuktun]

From one of the linked pages:

• Broward Co., FL - ES&S software on their machines only reads 32,000 votes at a precinct then it starts counting backwards (see this update): http://www.news4jax.com/politics/3890292/detail.ht ml [news4jax.com]
• # Guilford Co., NC - ES&S equipment "could report only about 32,600 early and absentee results". This seems very similar to the case above, (see this update) save that Guilford Co. uses optical scan for it absentee voting and may use the older Votronic system for early voting (although it would make a more consistent story if they used optical scan for all absentee and early voting).: http://newsobserver.com/news/story/1852104p-817980 2c.html [newsobserver.com]
  

How interesting. Counting on a 16-bit signed integer (two's complement) and dropping the sign during formatting would do that:

7FFB => 32763
7FFC => 32764
7FFD => 32765
7FFE => 32766
7FFF => 32767
8000 => 32768
8001 => 32767
8002 => 32766
8003 => 32765
8004 => 32764
8005 => 32763

Lever action!

[andrewman327]

How do all of the other devices made by this company still work? They are not just a voting technology firm, after all.

I attribute most of these errors to poor design, not anything intentional. Personally I like the old fashioned lever machines my district uses. It is very hard to hack those, I hear. Unlike computers and paper cards, you never hear bad things spoken about lever voting machines.

Re:Lever action!

[markwalling]

my district switched to electronic from lever based. in 2004, at 715 when i voted on lever machines, there was no line, and just about as many signatures in the book. in 2005, the line was out the door and around the corner at the same time. the person in front of me took 5 minutes to use the electronic machine. people knew how to use the old machines, and they were reliable. these new things take the old people for ever to use, and then they complain that they were hard to read...

Re:Diebold - Designed for fraud.

[cmd]

Diebold also builds automated teller machines (ATM), the definitive model for reliability and accountability.

The AcuuVote machines are what they are, not due to poor design or unintentional mistake. They are the result of a deliberate intent to enable fraud on a massive scale. Viewed from this perspective, the AccuVote design is very good. The real problem comes when Diebold realizes that it needs to become better at obfuscation and makes it harder to detect the fraud.

"IN mid-August, Walden W. O'Dell, the c

Re:Diebold - Designed for fraud.

[smbarbour]

It actually a bit of a paradox. By implementing better obfuscation, the code becomes unreadable, and therefore cannot be certified as being accurate.

Maybe the solution is to take it to a higher level and reinvent the wheel, so to speak.

Design it from the ground up. Special use processors, memory, OS, communications protocols. Redesign everything from scratch. Make it completely unique.

If it doesn't run code that works on ANY other platform, then no one outside the company can write code for it. (Unless

Re:Lever action!

[drooling-dog]

I attribute most of these errors to poor design, not anything intentional.

Poor design? This sort of thing can hardly be a complete accident, although I doubt I could prove that it was done deliberately to enable election tampering.

Circumstantially, however, this is the same Diebold whose CEO wrote a memo before the last election promising to "deliver the vote" for Republicans all over the country. He may not have meant anything nefarious by that, but it is a very peculiar thing to say for the CEO of a compa

Not a bug, but a feature

[pieterh]

Electronic voting machines with no paper trail are an insult to democracy. That they come with switches to bypass even the dubious "safeguards" provided is hardly a surprise.

"AccuVote"

[truthsearch]

a Diebold AccuVote...

At least their marketing department has a sense of humor.

Re:"AccuVote"

[Vengeance]

Heh, yeah. It's right up there with 'Nev-R-Break' hydraulic hoses.

Let's switch to American Idol call-in voting

[192939495969798999]

There are many good reasons to switch to American Idol call-in voting.
1. They still have the electoral college, so it's not like a spam vote will elect the "wrong" candidate.
2. Since the NSA monitors all phone calls, they could track cheaters really easily, compared with this mess we have now.
3. Way more voter participation, you don't have to go anywhere, you just call in with your social or something, etc.

Mirror early, mirror often

[Anonymous Coward]

This is Diebold. Mirror early, mirror often. They love to sue critics like these. Wget may be the only way to save history.

yarrr

[not already in use]

Any company with devotion to a fair and secure voting system would not make such an obvious oversight. If it was in fact an oversight, it shows that Diebold is far too incompetent to be creating voting machines. You would also think that a company in charge of something so important wouldn't show blatant partisanship either. Why are they still employed?

Re:yarrr

[Hrodvitnir]

Diebold is Oceana's voting solution. Diebold has always been Oceana's voting solution.

Re:Partisanship?

[not already in use]

In 2003 Walden O'Dell CEO of Diebold said in a letter to Ohio Republican officials that he was "committed to helping Ohio deliver its electoral votes to the President". http://en.wikipedia.org/wiki/2004_U.S._presidentia l_election_controversy,_voting_machines [wikipedia.org] Of course, no matter what line of work you're in you have a right to support whoever you wish, but as the head of a company in charge of making voting machines, it may be in your best interest to appear bipartisan. Stupid stupid stupid...

Bug or Feature?

[Doc Ruby]

I thought the biggest flaw was their certification by states for use in actual elections.

What's wrong with paper ballots?

[slofstra]

Sorry, I have never seen the point of these machines. Paper ballots are auditable, user friendly, and if electronics is put into the reporting system, can be counted in a few minutes and submitted. Voting machine are a perfect example of a technology fetish at work. It would make an interesting case study to examine the economic and sociological reasones why we sometimes buy technology that we don't need, don't want and further, serves no useful purpose.

Why?

[Iamthefallen]

Has anyone answered the question regarding need for automated vote counting in a satisfactory way?

Seems to me that manual counting of votes would be vastly more secure as it would take a huge conspiracy to affect the result either way.

Counting a hundered million votes is hard, counting a thousand votes in a hundered thousand locations is easy.

Physical access ALWAYS means all bets are off.

[Anonymous Coward]

This article is a little high on the hype. The general rule is that if you have physical access to any computer system you can compromize its security.

Don't you think that a flaw that would allow people to vote multiple times or a flaw in the security by which the voting machine uploads results to the central server or flaws in the central server itself are worse than this.

Gee, we have physical access to the guts of a machine and we can do things to it. I'm not terribly impressed.

so what?

[enjahova]

You must never be impressed. How can we have a secure election if nobody can physically access the machines? If thats not what you want, we will never have a secure election. I can accept that, but what I can't accept is a private corporation exerting its influence on the election process by directly affecting the machines that count our votes.

This is "impressive" because it shows either incompetence or bad intent. Sure physical access can mean compromising a computer, but that doesn't mean you have to make

Not the worst.

[pavon]

I don't see how this is the "biggest security flaw ever discovered. Any system will have some method of flashing new code if you have access to the hardware, and while this makes it a little easier, it is not as big of a deal as they make it out to be. After you verify that the system has the correct (independently audited) code loaded into it, you put a tamper-proof sticker on the case, and call it good.

This is nowhere near as bad as the bugs that allowed exploits though the normal user interface, or the fact that the way the votes are stored allows easy tampering by election officials, or the fact that there is no way to recount or verify that the recorded votes are correct.

This is something that can be improved upon, but it isn't a fatal flaw and certainly not one of the main reasons that Diebold machines should be banned.

Worst ever?

[Red Flayer]

Not to pick nits here, but whether or not a voting machine is trustworthy is a boolean variable. Either it's trustworthy, or it is not (and therefore worthless).

As far as I'm concerned, every election using any machine found to be compromisable should be invalidated, and a paper ballot revote should be held.

If you don't trust $[POLITICALPARTY] with your democracy, why should you trust the men behind the curtain?

If you value your country, you need to be

[PotatoHead]

more aggressive on this issue.

Electronic Voting machines are not a trustworthy technology. They can be made reasonably trustworthy, but only with significant and constant public involvement and oversight. The core element to this happens to be our requirement of anonyminity for our votes. Being unable to link votes to voters means we must then capture the actual votes themselves if we are to be sure the election is just and true.

Roughly 80 percent of Americans will be using these machines in the coming elections. That should scare the tar out of every one of you, regardless of your political bent.

In 2004, this number was about 30 percent and the problems were so great, we really have no assurance our election results actually reflect the will of the American people, whatever that may be.

Think of it this way. Let's say I'm the voting machine counting votes. You tell me what your vote is, and I update my mental count. Can you see that I updated the count correctly? I could report your vote back to you correctly, yet still maintain a different internal count. There is no way to really know is there? That's the problem we face with electronic votes.

The votes are encoded into states stored on devices nobody can directly observe, other than via the proxy of other electronic technology. Essentially, we are voting by proxy when we vote electronically. Without an accounting in the form of a serial voter-verified paper record, or the use of vote storage that is both human and machine readable, we cannot oversee the election results in a manner that brings confidence to the whole affair.

These machines are general purpose computers for the most part. We all know how easily these things are tinkered with because it's what most of us do! Biggest problems are:

-no direct accountability on elections officials to actually hold a just and true election. Technology can and will be blamed for problems, leaving these folks off the hook for failed / unjust elections. Not good. Where the incentive for corruption and manupulation exists, you can bet it's happening. There is too much at stake for it to be otherwise.

-poor understanding of the core technology differences between paper voting and electronic voting. I summarized it above and have a longer, easy to understand, paper here. Mail it to your legislators along with a request for their position on the matter. If you do the mailing, please also do the request. That forces a response, which helps increase the overall perception of the importance of the issue. http://www.opednews.com/dingusDoug_112604_electron ic_voting.htm [opednews.com]

Said poor understanding extends to all of us really, legislators and citizens alike. Too many people consider electronic data processing systems as being better than they actually are. Consider this: If they are so infallable, why do ATM machines deliver receipts? Also, be careful about ATM comparisons. The primary difference between an ATM machine and an electronic voting machine lies in the anonymous nature of voting. ATM transactions are keyed to people, electronic voting records are not --thus the need for a voter-verified paper trail.

What do we need to ask for?

Voter verified paper trails that are human readable, serial in nature and easily handled / processed for recounts. Flimsy, thermal rolls that can discolor from improper storage and or handling won't cut it.

Audits at the precinct level. These can catch abnormalities easily and quickly before too much damage is done. Use the paper record to verify issues and act accordingly.

Strong exit polling. Notice how that is being downplayed now? The reason is simple. In 2004, the exit polls did not jive with the voting records, yet we have been exit polling for a good long time. The differences did not appear in this way until the advent of the electronic machines.

Legislation that reinfo

Constitutional Amendment needed

[snowwrestler]

The government being of, for, and by the people, each ballot cast in a public election for federal office shall produce a physical ballot able to be read and counted by a human unaided by electronic computer.

Tamper seal??

[Midnight Thunder]

Given taxi meters and electricity meters both have tamper seals, you would have thought that these would have visible tamper seals as well. If in doubt you could even have two tamper seals: one from Diebold and another from the voting commission, in order to ensure that both parties are satisfied with the state of the machine.

Voting in the USA

[slashflood]

20 Amazing Facts About Voting in the USA [nightweed.com]

Everyone who says that Diebold is too incompetent to create a secure voting maschine is following the wrong trail.

Re:Voting in the USA

[geek2k5]

I would say that Diebold is competent enough to create a secure voting machine that would take a high level of expertise to spoof. Unfortunately, almost by definition, Diebold would be competent enough to create a spoofable voting machine that could be programmed remotely and capable of 'fixing' elections. The opportunity exists, even if the company, or even renegade employees of the company, don't do it. I will assume that they are innocent until proven guilty in a court of law. But I sometimes wonder,

New voting machine design

[ajs318]

I have designed a Direct Recording Mechanical vote recording, anonymising and counting machine. It uses no electronics. It can be scrutinised right up until it is required for an election. You can see your vote going through.

The machine is based around mechanical, add-only tally counters. A column of these are mounted in a transparent polycarbonate housing, one for each candidate and an extra counter for total votes. The candidate counters are surrounded by etched plastic which transmits light but prevents anyone seeing exactly what is behind it. Over each counter except the total counter is a shutter, and a large button. Depressing the button retracts the shutter. If the button is released it will return partway, but the shutter will remain retracted and all the other buttons are now locked: the only way to clear the machine is to depress the button fully. This will advance the adjacent counter and, by means of a slotted bar linkage (which is visible through the clear polycarbonate), also advance the total votes counter. After this, the machine must be primed for another vote by the Presiding Officer: this would probably be done remotely by means of a Bowden cable.

These machines could be made available for scrutiny almost right up to the election. Anyone can observe that the system allows only one vote per priming operation, that the candidate and total vote counters advance together, and that no other counters are advanced. (For this operation, the shutter mechanism can be modified by removing the actual shutter from the moveable supports; thus allowing full observation of all counters. In an election situation we do not really want to give away the number of votes for each candidate so far, so all but the one being voted for are obscured. The etched plastic nonetheless would allow one to see the counter changing even if one could not see what it changed from or to.) At the opening of polling, the numbers on each of the counters are recorded, signed by witnesses, sealed in an envelope and attached to the machine. At the close of polling, all shutters are retracted to read the figures. The original figures are subtracted from the new figures to give the numbers of votes, which can be checked against the total.

Note there is no possibility of post-election verification; since anonymisation, recording and counting are done in one operation. This also obviates any need for post-election verification, since one can be satisfied from having examined the machine before an election that it functions as intended and only as intended. A number of people working in concert might be able to discern an approximate result, but this IMHO is much less insecure than e.g. issuing voters with a record of their vote.

Las Vegas Slots

[Sqreater]

All this has been addressed by the suppliers of Las Vegas casino slot machines. Why not just use them to build the machines?

The fix is already in

[GodfatherofSoul]

This shouldn't be news to Americans. If you've paid attention to the antics in the last 3 election cycles and the discrepancies between exit polling and actual results, you'd know what's going on. Same thing just happened in Mexico. Expect it to happen here in November. Democrats leading in races by 5% or so, then a miraculous Republican turnout (contradicted by all polls) will maintain their majority. Anyone who protests the results or points out election day shennanigans will be ostracized by the "liberal" media as a whiney sore loser. Welcome to Oceania.

Not the worst yet...

[bhmit1]

It won't be long before someone finds a while to build a targeted virus for these machines that changes the counters on that machine and all other machines it can reach on the network. And I won't be surprised when it's as simple as inserting one of those cards in the front of the machine and is done while the hacker is given privacy to cast their vote. The only question is if someone is good enough to do that, will we be good enough to find out, especially if the virus/worm is only memory resident so there aren't any traces.

Checks & Balances

[TheDarkener]

...and the lack thereof is what really sickens me.

You can't ever trust a computer, no matter what, ESPECIALLY in such an important thing as a governmental election. We *need* checks and balances.

1) Vote with electronic voting machines.
2) Receive a paper reciept with a 'checksum' of sorts that add up to your specific votes (this is the only pitfall right now, since obviously printing a paper reciept is WAY too complex to code by Diebold programmers)
3) Submit your checksum to any number of third party, independent voting "Check & Balance" websites. These sites can independently tally votes from citizens in each voting district, and if descrepencies occur between the official count and any number of these sites, secondary validation routines/alerts can occur.

Why would this be such a hard solution? I'm sure any number of you can code a simple database/website that tallies citizens' votes. I'll do the hosting for free.

Let's open source this muther f*cker, whether they like it or not!

Why Automated Voting Machines Anyway

[Maclir]

Now, is there a single convincing reason why the simplest, most secure and easily verifiable system - paper ballots - aren't used? Why all the machines? Lever, butterfly ballots, electronic... What problem is it that these systems are meant to solve?

I suspect it is a combination of "We want some result in an hour or two - we are too impatient to wait for it to be counted properly" and "We want a system that we can manipulate without any audit trails."

This is NOT a reason to register absentee

[WillAffleckUW]

Because absentee voters get a paper ballot that is not only delivered by a trusted source - the US Post Office - who have a verified date/time stamp - and that the ballots can be audited, traced, and verified - now THAT is a reason to register permanent absentee.

Today.

Re:This is NOT a reason to register absentee

[JDAustin]

I suggest you take a look at the research into the recent Washington state elections done by SoundPolitics.com. They verified close to a 20% error rate in absentee balloting. The signature verification on absentee balloting is no verification at all due to non-verification being done by those who count the ballots. Additionally, the USPS is not a trusted source, they are just another government beuacracy. The ballots themselves cannot necessarly be traced nor verified and even when the signatures are completly different, they are still counted. Due to the nature of voter rolls, duplicate ballots are sent out all the time due to slight variation in a persons name and the duplicate ballots counts are not caught until after the final tally has been done and the election finished. Finally, mischivious gov officials can always delay sending the military their ballots so those serving overseas do not have time to get their vote in on time. This actually happened in 2004 in Washington state.

Permanent absentee is not the solution. Neither is electronic voting.

The true solution takes elements of the recent Mexican election to prevent fraud (voter id cards, thumb inking, precinct based monitoring and tallying) and combine them with the best paper based voting machine.

A Depressing Comparison

[PunkXRock]

Here's a depressing comparison, showing the rules surrounding slot machines in Vegas vs. voting machines:

Vegas vs. Electronic Voting Machines [washingtonpost.com]

Slot machine standards are much tighter

[Animats]

The Nevada Gaming Control Board has technical standards for slot machines. [nv.gov] They've had enough fraud over the years that they know what has to be done. Some highlights:

• ... must resist forced illegal entry and must retain evidence of any entry until properly cleared or until a new play is initiated. A gaming device must have a protective cover over the circuit boards that contain programs and circuitry used in the random selection process and control of the gaming device, including any electrically alterable program storage media. The cover must be designed to permit installation of a security locking mechanism by the manufacturer or end user of the gaming device.
• ... must exhibit total immunity to human body electrostatic discharges on all player-exposed areas. ... A gaming device may exhibit temporary disruption when subjected to electrostatic discharges of 20,000 to 27,000 volts DC ... but must exhibit a capacity to recover and complete an interrupted play without loss or corruption of any stored or displayed information and without component failure. ... Gaming device power supply filtering must be sufficient to prevent disruption of the device by repeated switching on and off of the AC power. ... must be impervious to influences from outside the device, including, but not limited to, electro-magnetic interference, electro-static interference, and radio frequency interference.
• All gaming devices which have control programs residing in one or more Conventional ROM Devices must employ a mechanism approved by the chairman to verify control programs and data. The mechanism used must detect at least 99.99 percent of all possible media failures. If these programs and data are to operate out of volatile RAM, the program that loads the RAM must reside on and operate from a Conventional ROM Device.
• All gaming devices having control programs or data stored on memory devices other than Conventional ROM Devices must:
  (a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. Any program component of the verification or initialization mechanism must be stored on a Conventional ROM Device that must be capable of being authenticated using a method approved by the chairman.

  (b) Employ a mechanism approved by the chairman which tests unused or unallocated areas of any alterable media for unintended programs or data and tests the structure of the storage media for integrity. The mechanism must prevent further play of the gaming device if unexpected data or structural inconsistencies are found.
  (c) Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent validation information.
  (d) Provide, as a minimum, a two-stage mechanism for validating all program components on demand via a communication port and protocol approved by the chairman. The first stage of this mechanism must verify all control components. The second stage must be capable of completely authenticating all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the authentication information must be stored on a Con

C'mon /., let's talk tech

[Soong]

I am a software engineer on emebedded systems. I see a lot of boards like this.

The ability to boot from different sources is a normal debugging feature, not in itself sinister. Should they have cleaned that up on the production model? Yeah, sure. But verifiability is ultimately a human concern anyway, not a tech one.

It all comes down to who you trust.

If you don't trust the polling place, make the voting machine tamper proof.
But then you have to trust the guy who built the voting machine.
You have to trust the guy who loaded the software on it at the factory or the elections office.
You have to trust the guy who wrote the code. Even if you inspected the code, you have to trust him to give you a binary based on that and not pull a fast one.
You have to trust his compiler to give him a binary without compiled in back doors.
I feel like I probably haven't listed all the points where this voting machine chain of trust can break down.

On top of all that, voting machines are not cost effective [bolson.org] vs hand counted paper ballots. So, I advocate for no voting machines.

but..

[BlackCobra43]

how will that ever happen WITH these flaws already in place? Diebold machines have been used numerous times already...

or...

[JebusIsLord]

About the only way a Libertarian, Green Party, or even Democratic candiate will win will be if they ever fix these things!

Re:About the only way they'll ever "fix" these thi

[PeeAitchPee]

Not so sure about that. Here in Maryland, our (Republican) governor budgeted $20,000,000 to allow us to use paper ballots instead of the Diebold crap -- and he was shot down by our State Senate (democrat)and prinicpally by our State Administrator of Elections, who claimed that going back to old-style ballots would "stifle development."

I'm sure you can find the parties flip-flopped in other states. The point is that if a) people actually gave a shit and b) people really understood the issue instead of blindly assuming "computer = good, paper = bad," any cronyist jackass who supported Diebold would get booted stratight out of office next election -- assuming their evil scheme hadn't yet been implemented. ;-)

Re:Diebold makes ATMs also

[meringuoid]

I wonder if their ATMs have similar "features"?

Of course not. Banks are very insistent that their ATMs report withdrawals accurately. Money is important. Votes, though... I mean, what's the worst that can happen if you miscount votes slightly? You'd only end up with Kodos instead.

Re:democracy

[pe1chl]

The difference is that with a paper voting system there are a lot of participants. For election fraud you need very many persons to know and participate.
With electronic systems, it is possible to modify something in the sofware with only very few people knowing and participating, and still have influence on the end result.

It is of course much easier to have 3-10 persons work with you, than 10.000

Re:Election Fraud and Diebold

[homer_ca]

In the case of a hand counted paper ballot, all that is neccesary to commit fraud is a switch of the actual ballots prior to the tally. With the TSx machine (with the attached printer) the audit log of the election (including timestamps and actual votes cast) is present in 3 locations (the actual voting machine, the memory card, and the written record). In order to withstand an audit, all three of these items must be altered to perfectly match the result whereas with paper ballots there is only one record that must be altered.

While it's obviously true that the machines could be programmed in advance to fix an election, keep in mind that voter registration is a completely different process from the actual vote tallying, and that voter turnout is still done by hand. In order for the electronic record to be altered, it would have to be done in such a way as to mirror the actual voter turnout PER POLLING LOCATION, a number which is independant of the voting machines and in any jurisdiction of consequence this number would be effectively impossible to predict. In the case of hand count you need only have a total number of ballots cast as there is no tracking of the votes per polling location whereas with the voting machines this record is kept in each machine.

That may be true, but it only protects against vote stuffing, not vote flipping. By vote stuffing, I would include overwriting the database with a new file. Malicious code could contain an algorithm to flip a small percentage of votes while they're being cast. In that case, the total number of votes in the machines will equal the number of voters who signed in with the pollworkers. A VVAT will protect against that though, if the paper receipts are actually audited.

You are correct about process and oversight being more important than any technical vulnerabilities.

Re:Election Fraud and Diebold

[amper]

You seem to have put at least *some* thought into the issue, but I can easily envision scenarios by which the points you made in your post would be effectively irrelevant. I will present one such scenario, briefly, here.

First of all, I would would like to say, as an aside, that the United States of America is not, and has never been, a "democracy". It is, in fact, a federal republic. Although this idea may seem to many to somewhat irrelevant to the topic of election fraud, it is relevant in that the federal system, in and of itself, provides easy paths to successful tampering of election results, particularly for the Republican/Conservative faction. The fact that the country has long been divided between relatively conservative rural districts/states, and relatively liberal urban areas is a side effect of the federal system that reinforces this possibility. Also of note is the electoral college, which ensures vastly greater proportional representation for those rural constituencies.

The mechanism I will describe *could* be used by either Party, but the real makeup of the country makes this mechanism far more effective in practice for the GOP.

Now, your assertion that election results, if tampered with, would need to effective mirror the actual voter turnout is not particularly relevant. The actual total number of votes cast is not in question--what *is* in question is the content of the individual votes, themselves.

Say, for example, I was a Republican sympathizer in the last two US Presidential elections, and I had a desire to attempt to tamper with the reported results in order to ensure victory for my Party. What I would do is not to attempt to disenfranchise liberal/Democratic voters in urban areas, but boost the tabulation of conservative/Republican votes in rural districts. Remember that by changing one vote, the effect in the tabulation is effectively doubled, assuming the total number of votes cast does not change. It is highly likely that in a district that has traditionally heavily favored Republican candidates, a slight reduction of Democratic votes and corresponding slight increase in Republican votes will go entirely unnoticed, especially in an environment where extreme partisanism has resulted in somewhat increased turnout for the Republican faction.

Given that there are many more rural conservative districts than liberal urban districts, such a slight change would be compounded by that number of districts where it would be possible to effect that change such that the overall results for any particular state could be changed dramatically. This mechanism would also be most effective in states such as Pennsylvania, Ohio, and Florida, where the balance, in terms of overall numbers of voters on either side of the aisle is close. Such an effect could easily swing one of these states to one side or the other. Although Ohio received the bulk of the scrutiny in the 2004 election, it is worth mentioning that Pennsylvania was decided by a smaller margin than Ohio.

The election machines used thus far have no *voter verifiable* paper trail, even, as far as I have been able to determine, the TSx series. A paper trail seems to be kept with these machines, but as it is not voter verifiable, it is as easily modified as the results stored in memory. Again, the actual number of changed votes in any particular district could and probably would, be statistically small in relation to the overall number of votes cast.

Even an incompetent programmer would have no trouble writing a routine to accomplish such an end, and the only point of intrusion required is before the point of delivery of the machines to the local election commission. Of course, as we have seen in past elections, the possible points of intrusion are many and varied.

I do agree with you, however, that it is the process that is mostly at fault, rather than the individual technologies.