An Open Letter To Diebold 266
jcatcw writes "Computerworld's Rob Mitchell tells Diebold President and CEO Thomas Swidarski how to regain Diebold's reputation instead of throwing in the e-voting towel. He recommends full disclosure of all existing problems, a process for disclosure of future problems, hiring of some real professionals as CTO and as an advisory group, and public testing. 'Surely if Diebold can make a secure ATM there is no reason why it cannot make secure and reliable e-voting apparatus in which the public has confidence.'"
Secure ATMS? Ha! (Score:5, Interesting)
secure ATM ?? (Score:4, Interesting)
VVPTs! (Score:3, Insightful)
I don't care if it's open source, audited, proved correct, or whatever, I would probably feel more comfortable with a machine from today plus a printer.
I'm not really holding my breath on this... (Score:5, Insightful)
When did they make a secure ATM?
The customer drives security. (Score:5, Insightful)
Re: (Score:2)
I know the answer to this... (Score:5, Funny)
But, wait a minute! (Score:5, Funny)
That means there's no problems with Diebold.
Re:Secure ATMS? Ha! (Score:3, Interesting)
i have to ask (Score:3, Insightful)
Re: (Score:2)
And to think people called me a fool...
Now if I could just remember where my jars are buried...
But their voting machines ARE secure (Score:2, Funny)
Easter Egg (Score:5, Funny)
Left left left, right, A, A, C, Right, Left.
secure enough (Score:5, Insightful)
The ugly truth of voting is "lots of votes get flushed". The reason we trust our system of voting now is because we have partisan poll watchers who are making sure that the other party doesn't take liberties. In other words, little old ladies. No, all respect due to little old ladies, but do you think they feel confident being in charge of any kind of new technology? If they're wise, they won't be.
threads are dead (?) (Score:4, Interesting)
Why's poor
Detailed information is provided by these [slashdot.org] gentlemen [slashdot.org].
ATM Security (Score:3, Insightful)
Obligatory (Score:5, Funny)
oh. shit.
does that mean we like Diebold now?
at least, there's going to be lawyers crawling all over the place making sure no one got disen... wait? They aren't?
holy shit.. i'm so confused. Fsck politics.
How about starting off with (Score:2, Interesting)
Re: (Score:2)
- All hardware should be identical in every conceiveable respect using standard, off the shelf parts. No custom ASICs allowed.
- Any ROMs, PROMs as well as the OS and vote tallying software should be distribuited on a pressed CD, not a burned CD. The MD5 sums of each software package on the manufactured CD should be clearly lablelled on the front, as well as on Diebolds website, along with the MD5 of the CD image.
- The votes taken should be recorded as a plaintext log with appropri
Re: (Score:2)
Diebold IS the problem (Score:2)
I say that due to their involvement in this and the way they've handled problems this is the last group of people US citizens should be trusting with their vote.
Why electronic? (Score:5, Insightful)
Sure, cryptography, open-source, signed binaries, etc. begin to offer the transparency we need in voting, but at the moment, the expense greatly outweighs any conceivable benefits (what, no need to argue about chads?).
Paper voting works. Distributed counting means less impact from an individual case of polling-place fraud, and the paper record can be stored for a public recount where many eyes can verify the results.
Shouldn't be secret (Score:5, Insightful)
Surely there are more than enough reasons (Score:5, Insightful)
ATMs are much easier to make. The ATMs _can_ trust the bank. The user can easily verify if the ATM works or not because they leave a "paper trail" (um hello, if it wouldn't give precisely the amount of cash out that you requested, wouldn't it be a little bit suspicious and wouldn't people have noticed it?).
Voting machines cannot trust neither the user, nor the authorities and to top it off it has to be verifyable to both. In short, a much harder problem.
The requirements to verify the voting process if paper ballots are used: being a non-retarded human being and a small amount of time.
The requirements to verify the voting process if voting machines are used: electrical engineer and programmer proficient in all related languages and access to the source code, months of time verifying the voting machine, then making sure the voting machine used at the election is the same one you verified.
If you look at it from the average person's perspective: in the first case the voting process is transparent for the average person. They understand and if they want, can verify the local process. Paper voting also gives a much better accountability to the overall picture. You generally count the votes locally, then make a official log about it, send the result up in the chain. Then when the overall results are known, you can check the website or whatever to see whether the numbers up on the website about the local results match with your local results you have in your hands. I know that if they didn't it would be found out pretty quickly because at least some people do make this comparison. So now we know that the local results on the website match the local results in the local voting stations. Now you can just simply add up the local results to check the big picture, whether it matches. At least some people will do that, so you can be reasonably certain that the results are pretty accurate, because to tamper with the outcome you would have to modify things on a local level at lots of places simultaneously and since we're talking about paper you'd have to involve a lot of people so we would know about it if someone attempted it.
In the second case, even if you would have the overlapping skill requirements to verify stuff, you still need to have the time and the access. Then, votes are tabulated not at a local level, but a step above, at a regional level, so you reduced the number of places you would have to tamper with in order to skew the voting process. Since it is a complex electronic process which few people understand exactly, you can modify the results involving much less people and can do it in a much more stealthy way. Since it is electronic, carrying out the act on a wholesale level is not a problem for the bad guys. You got to ask the question one time: which is easier: simultaneously manipulating a few tonns of paper scattered across the whole country when they are guarded by thousands of people, or voting machines coming from two main sources, two companies which aren't guarded at all, or to be more precise, people are forbidden to guard them (source code-wise) and even if you would attack not at the source code level, but at the regional counting level, then it's still much easier to tamper with than with paper.
We have to face it: not even an open source voting machine is good enough. It's much easier to simplify the ballots to catch up with the only positive thing voting machines provide, than to design an electronic system capable of transparent, accountable voting. Even if you take a barebones microkernel/firmware voting machine, it is still a hundred thousand(*) times more complex than paper voting.
*I just pulled that number out of my ass, but I think most people underestimate the complexity difference between the two methods.
Why would I want Diebolt to regain its reputation? (Score:5, Insightful)
Given that:
1) the CEO, all of current management, sales and computer programmers who kept their mouths shut, remain in place,
2) the CEO being the same person who pledged to bring the elections over to the Republicans,
what would a solid reason be which would give me ANY, even tiny, reason to put ANY amount of faith, back into Diebolt?
Re: (Score:2)
It's not that I'm unhappy about that (I'm absolutely ecstatic) but I really worry that at least some of those races were decided not based on civil unrest, but instead by the Democrats learning to cheat better in the last two years.
The large number of Slashdotters that truly care about the trend our government is following shouldn't let their guard down just because the elections turned out right this time. The past two elections have proved that we hav
Re: (Score:2)
*An ex security administrator from a major bank talked about it at a security conference.
Re: (Score:2)
Welcome to the sausage factory. (Score:2)
If you knew what went into probably 90% of the products you use daily, you wouldn't want to have anything to do with them. It's obvious that Diebold's voting machines were the Grade D blood sausages of their lineup; made with the shoddiest possible materials in order to extract the maximum possible profits from an unwitting buyer. Their ATMs, I suspect, are a little better; it might not contain all the ears and noses that get tossed into their real cheap crap, but th
Re: (Score:2)
Re: (Score:2)
My Open Letter (Score:5, Funny)
After years of absymal performance, the public is understandingly distrustful of both your product and company. Don't fret, the world's expectations for the performance of the entire computer industry are quite low. Products don't even have to be good, just good enough.
So here are a few steps you can take to finally gain voter's confidence:
1. Under no circumstance should you release your source code. I know that earlier revisions have been distributed to the general public, and look at all the trouble that has caused. It is better to remain silent and thought a fool than to speak and remove all doubt.
2. Outsource, nobody ever got fired for outsourcing. Americans will celebrate knowing that many nations came together to build their democracy.
3. Encryption is an overrated buzzword. People love transparency in the democratic process.
4. Paper trails increase the price of an election for taxpayers. So do your patriotic duty and keep costs to a minimum. Besides, if the paper trail and computer result were different, it could create a lot of work and problems for your fine institution.
5. Another method to keep costs down is to minimize luxuries like manuals and support staff. Don't worry, elderly volenteers will learn how to operate and repair these systems with ease.
6. Hire a well known person to oversee my proposed inititives. I recommend Karl Rove, I'll bet he'll even pay you for this privilige.
7. To prove that the public knows that you are running this company for the love of democracy and not money, I'd recommend everyone employed by Diebold to dump their stock before doing anything else I have recommended. To get a fair price, you'll need to know about the status of the company, so build a Diebold Accounting program to count your assests (it shouldn't be too hard to fork your voting software). Remember that it is your corporate duty to release the results to the public.
To ensure that no politican could ever shut you down, claim that you have created many jobs. To bolster your numbers, claim that the dead work for you, if they can vote, why not make 'em work?
See you in 2008,
ac
I think they've got bigger problems (Score:3, Funny)
Re: (Score:2)
That means there's no problems with Diebold.
In a few weeks you'll learn that the machines were hacked to make the Democrats win... The surprise will be that they were hacked by Rove to make the Dems look like cheaters so that Jeb Bush can get elected in '08 with Lynn Cheney as a running mate.
I think you need to put your tin-foil hat back on. The rays are getting to you. And get the bong while you are up.
Re: (Score:2)
Wait, who cares if diebold *can* do it? (Score:5, Insightful)
Now, I'm all for people making a living at developing commercial software. Diebold has smart people and they can figure something out to make a buck. Heck, as far as I'm concerned, if they can meet some standards they could sell the hardware. But - the US Debt per person is $28k each [brillig.com]. Isn't there other things that we could be using the money we're spending on voting machines on? Here's some that I can think of:
Anyway, just $0.02
-n
Re: (Score:2)
Yes, that's the big problem right there. Obviously, you can't trust companies to make reliable voting machines if you don't specify good requirements that they must meet, and test for compliance.
The same problem exists in the Netherlands, where voting machines were tested and approved, yet later found to be completely insecure, so that there is no assurance at all of a reliable election process in which votes are counted correctly and not snooped upon
Re: (Score:2)
* Make the code simple and open-source.
* No last minute "patches" being applied by Diebold personnel on election day with no explanation why or review of the code beforehand. The machines should be frozen for most purposes when they're shipped and completely at least 72 hrs before election day.
* Do a "dry run" of the election equipment to make sure everything is working properly before election day! I k
Re: (Score:2)
I don't disagree with you totally, but ATMs that are not installed in banks are just as secure as those in the bank.
Making the voting machines the same way they make stand-alone ATMs, should go a long way
Is there any real chance of full disclosure? (Score:4, Interesting)
think bigger, and simpler (Score:5, Insightful)
Re:Secure ATMS? Ha! (Score:3, Funny)
Re: (Score:2)
What you will see, and some of the Democrates have said is they will be bring out thier enemies list and going after thoses just for show.
Re: (Score:2)
How about the first admendment freedom of association?
If the guy did anything to program the machines to change the votes lets have the evidence, otherwise it is just political sour grapes.
Re: (Score:2)
That's odd because both parties have been trying to take my liberties for a long time now. And they are doing pretty well at it, too.
Re: (Score:2)
I don't see how it could get significantly faster, simpler, or even cheaper.
1. A scantron sheet with four columns: Office, Republicans, Democrats, Other/write in.
Fill in the circle next to the guy you want to elect.
Screw up? Just get another sheet.
2. Put it in the machine at the exit. The Votes are instantly tallied and a simple to read paper ballot is right there for checking. No hanging chads. No screens out of sync. Easily Verified. And
damn it! (Score:2)
Those damn tags! (Score:4, Interesting)
Is Slashdot infested with mice (or other vermin) to require so many itsatrap tags or what?
Re:Why would I want Diebolt to regain its reputati (Score:2)
Public votes have no place among corporate persons (Score:4, Insightful)
You should care (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
(In before, "Sure you're not.")
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Or heck, that VOTING itself is useless. Here's how you can infer that.
First of all, either in a "pencil-and-paper only" ballot counting process or in an electronic type of voting, you still have to rely on the fact that the actual physical papers you have there ARE the papers the voters have placed in the box... or in the other case, that the individual vote count is th
Re: (Score:2)
Re: (Score:2)
Maybe they would have won more, though.
Irrational company bashing (Score:3, Interesting)
I don't know quite how it happens, but through some process, it becomes in vogue to completely hate and irrationally bash a company. For a while it was cool to hate Nike, but then people got over it. Same with the GAP. (Maybe its the millions they spend on ads.) Now the latest is for all the politicians to bash Walmart. Hillary Clinton returned Walmart's contribution to her campaign "because of serious differences with company practices." She USED to sit on the Walmart board, and it's not like they made some dramatic change in strategy. Academic studies show that Walmart provides the same kind of wages and benefits as other companies in the retail sector, but that doesn't seem to affect the Walmart criticism.
Techy people love to hate Microsoft, sometimes for good reason, but much of the stuff you read on Slashdot is beyond way out there. My impression is that the anti-Microsoft crowd is getting smaller. Nobody seriously talks about breaking Microsoft up into separate companies anymore, even though Microsoft is roughly about as dominant in the OS and office suite market as it has ever been.
PR is expensive, and I guess giving up the vote machine business may be Diebold's only way to get out of the political target sight.
Re: (Score:2)
Preventing people from being members of a party would be against the freedom of assembly.
I don't know what it's called, but it's one of the basic freedoms which is in all the basic human rights declarations i remember (french, euro, un (NOT childrens rights)).
I do agree it would be nice to have neutral people make it, but it would be quite unlawful to reject a job application due to partisanship, and even mor
Not likely (Score:5, Interesting)
Re: (Score:2)
I don't think there is any solution to this problem. As long as the govt has any power at all over people or commerce people will make sure somebody who will butter their bread are elected. They can either do this by directly bribing the politician like our current system or they can fund efforts on their system like our current system, or they can do
Re: (Score:2)
Preventing people from being members of a party would be against the freedom of assembly. I don't know what it's called, but it's one of the basic freedoms which is in all the basic human rights declarations i remember (french, euro, un (NOT childrens rights)).
I do agree it would be nice to have neutral people make it, but it would be quite unlawful to reject a job application due to partisanship, and ev
Re: (Score:2)
If this is the case (I don't really believe it) then most likely it's because walmart blazed the trail for having mostly a part time staff with no benefits. In other words they are leading the race to the bottom.
"Nobody seriously talks about breaking Microsoft up into separate companies anymore, even though Microsoft is roughly about
Re: (Score:2)
Re: (Score:2)
What the heck does that actually mean?
Elections are currently run and votes counted by government agencies (Secretary of State, country registrar of voters etc...)
Private companies supply these agencies with technology, as they ALWAYS have. Voting machines have been supplied by private companies since voting machines were invented. Voting machines have to be certified as
Re: (Score:2)
Re: (Score:2)
No, there aren't. What good is an open-source voting system unless you can verify that the hardware is running the software that it's supposed to be running. And, before you say, "use digital signatures", consider this: what verifies the signature? What compiler generated the code that verifies the signature? How do we know that the machine hasn't been tampered with? How do we know that the software doesn't have a security flaw?
Many of these que
Flawed by design (Score:5, Interesting)
Idiots. Shut up already. There were a lot of eyes on this election cycle. There was a lot of public and organized outcry about the use of Diebold software and equipment. There's a pretty good chance that any attempts to rig any of the elections were aborted.
It seems more than just a little strange to me that with all the public outcry against Diebold that it was implemented anyway. With such great public knowledge about the flaws [read: dangers] in the devices and systems, if these were cars, people would simply stop buying and driving them. The voters didn't often have any choice in the matter and when they did, it has been shown that they opted for some paper ballot form such as the absentee ballot. (There was a lot of paper balloting this cycle!)
To me, it seems like there was great resistance to KEEP the flaws in place in spite of public outcry. I'm still interested to know WHO wants to keep these flaws in place and why. I'm really wondering why people aren't asking that simple question and how that question didn't get exposed and used on the campaign trail? (Imagine a candidate campaigning with 'my opponent has ignored the public's interests by keeping these demonstrably unsafe voting machines in place!')
There were a lot of eyes on this election cycle and many people were poised to attack against election fraud. But just because democrats won of lot of elections this time around doesn't mean fraud didn't happen and that it wasn't perpetrated by democrats. I think the most significant thing here was that there were a lot of eyes on the elections. I hope we keep it that way and keep the public's interest in keeping it that way as well.
Electronic Voting Machines (Score:3, Interesting)
However, on a serious note, the Indian experience has a relevant takeaway. The EVMS are procured by a single entity, Central Elections Commission (CEC), which is similar, to the (toothless) US agency, FEC
I live in NJ, home of 600+ Boards of Education. What has this done? Drive up the cost of Education and increase property Taxes.
If FEC can procure EVMs (from different manufacturers), this will
a. drive the cost of EVMs down. (The EVM manufacturers don't have to market their wares to each individual county)
b. More importantly, FEC can demand a tougher security audit of these machinesand ensure that all the EVMs conform to a single Security mandate.
Why does only the Federal Govt. decide things like National Security & minting of currency. Becuse these are matters of vital, national importance. I can't think that the proper tabulation of votes doesn't belong in the same category.
Re: (Score:2)
For the count tabulation, I agree but technology can play a role in elections simply by providing a consistent interface to ballot creation. I have lived and voted in three different states and each state has different ballots, machines, and procedures for voting. Hell, even in the same state, different precincts have different voting tools. It needs to be stan
Re: (Score:2)
Beta Testing on Voters (Score:3, Insightful)
Diebold should be treating their voting machines with the same reverance as NASA treats their operational platforms because, like space flight, there is no second chance in an election. You cannot just restart the process and continue. If a voting platform fails, the entire election process effectively fails. Diebold needs to do the job properly the first time, and if they can't then they must be man enough to admit it, and get out of the game early.
Re: (Score:2)
And where does this friend of yours live? And how tough is the soil around there? We talking shovel or pickaxe?
Re: (Score:2)
It's all about incentives (Score:5, Interesting)
Banks have far stronger incentives to ensure the ATMs work right, and you have more recourse if something goes wrong. If you lose money because of a faulty ATM transaction, you have enough time to follow up and recover it. Whereas with a voting machine, there are tight deadlines for calling the results, and once the results are officially announced it's too late. If something goes wrong and the bank loses money via the ATM, the banks eats the cost, which gives them an incentive to ensure it does not give out too much money.
On the other hand, an electronic vote machine maker has much weaker incentives to do it right. It is actually against their interest to produce a paper trail, because that could expose the inaccuracy of the vote counts and reduce their future sales. In addition, the political leanings of the management or engineers give them an incentive to deliberately do it wrong.
The only way to give proper incentives to do it right is to (1) require a paper trail that can be recounted by humans and (2) manually count the votes from a random sample of machines, with the randomness based on a physical process like flipping coins after the polls are closed (2) order a manual recount of everything if the manual count of the sample differs from the machines by a specified margin, and (3) the supplier of the voting machines does not get paid if a manual recount is triggered.
Ultimately though, electronic voting is a solution looking for a problem. There is no need for it; other countries have shown that pure manual counting gets things done efficiently and accurately, as long as there are representatives from all major parties involved so they can watch each other. That the US is much bigger than those other countries is irrelevant; it is only required for states to report their results, and each state is not much bigger than those countries that run their elections nationally. In addition, the bigger the population of voters is the more counters you can get.
Re: (Score:2)
What happens when they screw up the candidate list and need to correct it? You know that's bound to happen, it already has in this election.
Re: (Score:2)
Re: (Score:2)
Tranax ATM hacked. Voting machines hacked. (Score:2)
Diebold voting machines are certainly not secure: Insecure voting [futurepower.org]. Be sure to watch the HBO Special, "Hacking Democracy", linked there and mentioned in an earlier Slashdot front page story.
It's not that there is specific information about hacking Diebold ATMs. It's that there is so much information indicating that Diebold is not interested in security.
Re: (Score:2)
Bureaucrats are everywhere (Score:2)
OT: Comments System broke (Score:2)
Re: (Score:2)
It can also mean that it couldn't have been hushed up anymore without revealing that the machines are bogus. Besides, did Florida vote this time? And if so, how did it turn up there?
Re: (Score:2)
Re: (Score:2)
I'm actually surprised there's so little outrage. What excuse is there for keeping the working of their machines a "proprietary secret" - when it is involved in critical democratic processes, and should belong to the American people? That's a disgusting attitude. They obviously care more about money than transparency. A decent company would do it non-profit, for the love of
Re: (Score:2)
Re: (Score:2)
To gain access to root on these machines, enter this code.
Surely: Democrat, Republican, Republican, Democrat, Democrat, Independent
Rich.
Re: (Score:2)
Notably the freedom of assembly, which is considered one of the basic freedoms.
The Government, and in extension those it hires are not allowed to discriminate against any person based solely on membership of legal organizations.
This is also why they cannot discriminate against Diebold based on the CEO being declared republican.
So if you can't discriminate against people out of fear of corruption, you have to review their work.
The need for
Voting Machines ain't ATMs (Score:2)
Furthermore, you have a business relationship with your bank. You're not your bank's
A Simple Exercise In Self-Auditing (Score:2, Funny)
A) If your picture looks like or includes any of the following objects, proceed to step C:
B) If your picture looks like or includes an
Re: (Score:2)
Re: (Score:2)
Perhaps it's because there wasn't a presidency on the line this time, or because 2004 was a wake-up call to the folks tempted to push the envelope.
Note to Author. (Score:2)
Doing so would be admitting to breaking Federal Voting Laws, not to mention several State and County Election Laws.
Diebolds only hope is a complete and transparent Redesign.
Look to Victoria (Score:5, Interesting)
They print out a standard ballot, which is deposited in the ballot box.
And they're counted by the same machines that count hand-filled ballots.
If Australia, with its complex transferrable vote system, can handle this... why can't the US?
If the Democrats won anyway (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Someone got paid to sit down and think "what's the worst case scenario & how can we resolve it."
As a result, most States have some procedures in place for completely redoing the vote.
It's expensive and unpleasant, but that's just a part of contingency planning.