PDA

View Full Version : DieBold Redux


ndebord
September 22nd, 2006, 09:06 AM
DieBold Redux

http://www.rawstory.com/news/2006/New_RFK_Jr._article_Will_election_0921.html

They have more honest elections in Thailand it seems. At least there, the coup is visible.

Judy G. Russell
September 22nd, 2006, 03:23 PM
It is all a little -- a lot -- scary...

sidney
September 22nd, 2006, 07:11 PM
It gets worse and worse. You may have seen the recent reports of a security analysis of Diebold voting machines that found that it is possible to introduce a virus on it through the memory card, and that they contain a slot on the mainboard for an alternate firmware memory card, so that besides any other security measure or security misfeature it might have, a few minutes and access to the machine is enough to plug in new programming to make it do whatever you want. Well, here is the latest, as quoted in the Risks Digest newsletter:

-- begin quote --

Subject: Hotel minibar keys open Diebold voting machines

The access panel door on a Diebold AccuVote-TS voting machine --- the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus --- can be opened with a standard key that is widely available on the Internet. ... we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

See Ed Felten's blog:
http://www.freedom-to-tinker.com/?p=1064

-- end quote --

Lindsey
September 22nd, 2006, 10:22 PM
The access panel door on a Diebold AccuVote-TS voting machine --- the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus --- can be opened with a standard key that is widely available on the Internet.
Geez. I think the "combination" coin bank I had when I was a kid -- a freebie from the bank where I had my account -- was more secure. :cool:

--Lindsey

sidney
September 22nd, 2006, 11:15 PM
And to provide a fair and balanced view to this thread, here is the Diebold poster ad campaign (http://homepage.mac.com/rcareaga/diebold/adworks.htm) for your enjoyment :)

Lindsey
September 23rd, 2006, 12:08 AM
ROFL!!

Jeff
September 23rd, 2006, 12:32 PM
Oh, that is good!

Judy G. Russell
September 23rd, 2006, 10:45 PM
ROFL!!! I particularly like the disclaimer.

ndebord
September 30th, 2006, 01:04 AM
Sidney,

And now the latest on Diebold concerns the 2002 elections in Georgia.

http://www.rawstory.com/showarticle.php?src=http%3A%2F%2Fwww.atlantaprogre ssivenews.com%2Fnews%2F0091.html

"Top Diebold corporation officials ordered workers to install secret files to Georgia’s electronic voting machines shortly before the 2002 Elections, at least two whistleblowers are now asserting, Atlanta Progressive News has learned."

Judy G. Russell
September 30th, 2006, 09:09 AM
"Top Diebold corporation officials ordered workers to install secret files to Georgia’s electronic voting machines shortly before the 2002 Elections, at least two whistleblowers are now asserting, Atlanta Progressive News has learned."Interesting, but the specific news source isn't the most objective...

sidney
October 2nd, 2006, 08:30 AM
And now the latest on Diebold concerns the 2002 elections in Georgia

And if you want the absolutely freshest news, here is an excerpt from a 2008 news article (http://www.avantnews.com/modules/news/article.php?storyid=281)

In a dramatic development that has come as a surprise to pundits and the public alike, a youthful technician with Diebold, Inc. has emerged as the unlikely winner of the 2008 U.S. Presidential election. The president-elect, 19 year old Billy Pustule of Green, Ohio, reached via SMS at the garage apartment by his mother's house in which he currently resides, said he was "real psyched about being the president" and "had big plans for the inauguration party".

And while you're at the future news web site, check out this one from 2010 on Former President George W. Bush Credited With Saddam Hussein Acquittal (http://www.avantnews.com/modules/news/article.php?storyid=280)

Judy G. Russell
October 2nd, 2006, 09:06 AM
Oh ROFL!! What a clever site... and how stingingly bitterly funny!

ndebord
October 23rd, 2006, 10:28 AM
Interesting, but the specific news source isn't the most objective...


Judy,

Update ad infinitum.

"Diebold source code leaked again
Another breach on the e-voting front as elections near"

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=government&articleId=9004339&taxonomyId=13&intsrc=kc_top

Judy G. Russell
October 23rd, 2006, 05:28 PM
Oh geez... this is really Not Good...

ndebord
October 25th, 2006, 10:58 PM
Oh geez... this is really Not Good...

Judy,

A related aside:

What does Rove know that we do not?

http://www.rawstory.com/news/2006/Rove_dukes_it_out_with_NPR_1025.html

Rove claimed that the polls "add up to a Republican Senate and a Republican House."

"You may end up with a different math, but you're entitled to your math," Rove said. "I'm entitled to 'the' math."

ndebord
October 25th, 2006, 11:03 PM
An update on evoting machines

http://www.prospect.org/web/page.ww?section=root&name=ViewWeb&articleId=12135

Judy G. Russell
October 25th, 2006, 11:21 PM
An update on evoting machines
http://www.prospect.org/web/page.ww?section=root&name=ViewWeb&articleId=12135Definitely disconcerting...

Judy G. Russell
October 25th, 2006, 11:24 PM
What does Rove know that we do not?Hopefully, nothing.

ndebord
October 27th, 2006, 12:24 PM
Hopefully, nothing.

Judy,

Unhopefully, the codes to the evoting machines.

<sigh>

MollyM/CA
October 27th, 2006, 10:15 PM
There was an excellent interview on NPR this morning, with a computer professor who specializes in cryptography and security. He went way beyond the software issues and more sensibly than anyone I've ever heard. Some of you could hear it streaming:

Rubin on Diebold (http://www.npr.org/templates/story/story.php?storyId=6393573)

Judy G. Russell
October 27th, 2006, 11:09 PM
Unhopefully, the codes to the evoting machines.That is the fear, for sure...

Judy G. Russell
October 27th, 2006, 11:11 PM
There was an excellent interview on NPR this morning, with a computer professor who specializes in cryptography and security. He went way beyond the software issues and more sensibly than anyone I've ever heard.Fortunately the election folks are starting to catch on. Unfortunately it may be too late for this year.

sidney
October 27th, 2006, 11:44 PM
Rubin on Diebold

Avi Rubin has a wonderfully funny but scary video clip (10MB QuickTime) (http://avirubin.com/vote/dailyshow.mov) from The Daily Show back in 2004 about a security researcher's results studying the Maryland Diebold system.

And here's yet another recent article, this one from ArsTechnica How to steal an election by hacking the vote (http://arstechnica.com/articles/culture/evoting.ars). An excerpt:

In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.

-- sidney

Judy G. Russell
October 28th, 2006, 12:30 PM
I'm glad I just voted by absentee ballot...

ktinkel
October 28th, 2006, 01:51 PM
I'm glad I just voted by absentee ballot...Connecticut is introducing its non-lever voting systems this year (I think a quarter of voters will use them for this year).

The voter marks a paper ballot with a provided marker, folds it, and takes it to a scanner, which copies the ballot and retains the paper copy.

Sounds cumbersome, but it seems to have good safeguards.

Judy G. Russell
October 28th, 2006, 06:02 PM
Connecticut is introducing its non-lever voting systems this year (I think a quarter of voters will use them for this year). The voter marks a paper ballot with a provided marker, folds it, and takes it to a scanner, which copies the ballot and retains the paper copy. Sounds cumbersome, but it seems to have good safeguards.I don't mind the whole e-voting thing, as long as there is a paper trail that can be used just in case. And I want the paper ballots to be used for a recount, not the e-voting results.

ktinkel
October 28th, 2006, 08:08 PM
I don't mind the whole e-voting thing, as long as there is a paper trail that can be used just in case. And I want the paper ballots to be used for a recount, not the e-voting results.I believe our system works that way, but time will tell.

I don’t believe our town is included in the 25%, so we will pull our levers and wait to hear about the others!

Lindsey
October 28th, 2006, 11:25 PM
And I want the paper ballots to be used for a recount, not the e-voting results.
Amen. Otherwise, it is just the computer auditing itself. Which is about as reliable as any other self-audit. Which is to say: not very.

--Lindsey

Judy G. Russell
October 29th, 2006, 12:23 AM
Amen. Otherwise, it is just the computer auditing itself. Which is about as reliable as any other self-audit. Which is to say: not very.Or not at all. GIGO, y'know.

sidney
October 29th, 2006, 03:03 AM
I finally read Ron Rivest's recent paper about a secure paper-based voting system that he's invented. I had heard that he came up with a way of preserving accountability, anonymity, voter verification that their own votes were counted, and even prevent vote selling or coersion, all in one system, but that it was likely too complicated for the average voter to understand. Ron Rivest is a top cryptographer, the 'R' in RSA, but this system uses no cryptography at all.

I was surprised to discover that Rivest's system is easy to understand and can be made easy to use. Here is how it works:

Each ballot looks like three ordinary ballots with one candidate name and a bubble per line, the three ballots joined side by side as three columns with perforations to separate them. Each of the three parts is labeled with a unique, random, unrelated ID number. Each row of the ballot has one candidate's name and three bubbles in all.

To vote for a candidate you mark any two of the three bubbles in the row. To not vote for a candidate, you mark any one of the three bubbles in the row. The voter puts the ballot in a scanning machine that rejects it if a row has zero or three bubbles filled in. The machine checks the ballot, then separates the three parts. Because you have to enter something to indicate for or against, it is easy to be sure that every ballot that is scanned has been read correctly.

The voter selects one of the three parts, is given a copy of that one part to take home, and after checking that it is an accurate copy puts the three originals in the ballot box.

The one part that the voter keeps cannot be used to prove how they voted without knowing what is on the other two parts.

The ballot box will have three pieces of paper for every voter, all mixed up so nobody can associate the random ID numbers with any voter, and nobody can tell which part went with another. Every candidate will have one mark per voter plus one mark for each vote for them. Thus, the number of votes for a candidate is the total marks they get minus the total number of voters.

The ballot IDs and votes are all put in a database on a website, as is the list of everyone who voted (presumably voter ID numbers, not actual names). Publishing the list allows anyone to confirm that they are listed as having voted. Publishing the database of ballots allows anyone to look up the one part of the ballot that they were given a copy of and verify that the database has them listed as having voted and has the correct set of votes for that copy.

The system is transparent, totally auditable, and highly resistant to fraud.

-- sidney

Judy G. Russell
October 29th, 2006, 08:18 AM
The system is transparent, totally auditable, and highly resistant to fraud.But also, it seems to me, somewhat labor intensive, which guarantees it won't be widely adopted.

sidney
October 29th, 2006, 02:13 PM
But also, it seems to me, somewhat labor intensive, which guarantees it won't be widely adopted.

I'm hoping that someone will think of a way of moving the complexity into the machine without sacrificing the security properties. It would be possible for someone to choose a candidate to vote for by pushing a button on a touchscreen and have the machine fill in two bubbles for that one and one bubble for everyone else, but there has to be some way for the choice of which one or two bubbles are chosen on each row to be unpredictable.

Rivest's scheme has the voter choose the bubbles. If the machine chose the bubbles at random it would work fine, as long as one can be sure that the machine is not built with a biased random number generator. It may be a reasonable compromise to have to focus on the correctness and security of that one aspect of the machine in order to allow the voters to use the simpler voting procedure yet still have all of the transparency and auditability of Rivest's three-part paper ballots.

Judy G. Russell
October 29th, 2006, 03:05 PM
It may be a reasonable compromise to have to focus on the correctness and security of that one aspect of the machine in order to allow the voters to use the simpler voting procedure yet still have all of the transparency and auditability of Rivest's three-part paper ballots.That sounds like it would do what we all want!

Lindsey
October 29th, 2006, 10:14 PM
Or not at all. GIGO, y'know.
Or perhaps garbage in, garbage in -- into office that is. :(

--Lindsey

Judy G. Russell
October 29th, 2006, 11:26 PM
Or perhaps garbage in, garbage in -- into office that is. :(
Sigh... all too possible, I'm afraid. (But then what we get without rigged elections ain't all that much better...)

Lindsey
October 30th, 2006, 11:23 PM
But then what we get without rigged elections ain't all that much better...
Can't argue with that!

--Lindsey

ndebord
November 18th, 2006, 06:31 AM
That is the fear, for sure...

Judy,

To paraphrase the right. The fear "revealed."

http://www.rawstory.com/showoutarticle.php?src=http%3A%2F%2Fwww.opednews.c om%2Farticles%2Fgenera_rob_kall_061117_clear_evide nce_2006_.htm

<<Landslide Denied! Major Miscount in 2006 Election: Were 4% of Votes "Misplaced"?>>

Lindsey
November 18th, 2006, 10:27 PM
To paraphrase the right. The fear "revealed."

http://www.rawstory.com/showoutarticle.php?src=http%3A%2F%2Fwww.opednews.c om%2Farticles%2Fgenera_rob_kall_061117_clear_evide nce_2006_.htm

No question but that there were problems in a number of places, most notably in Saratoga County, Florida, but there were problems in some Republican strongholds, too, and I would like more solid evidence than simply a mismatch between exit polls and actual vote counts before characterizing it as proof of deliberate hacking. I would be more willing to believe, for example, that what happened in Saratoga County was the result of (a) poor ballot design; (b) machine malfunction; and (c) deliberate non-feasance on the part of election officials, particularly Florida's secretary of state, who could well be acting to further partisan interests by ignoring obvious problems that worked to the detriment of the Democratic candidate. That doesn't have to mean that they deliberately caused those problems, only that they are more than willing to tolerate them when they disadvantage the other side.

--Lindsey

ndebord
November 23rd, 2006, 11:45 PM
No question but that there were problems in a number of places, most notably in Saratoga County, Florida, but there were problems in some Republican strongholds, too, and I would like more solid evidence than simply a mismatch between exit polls and actual vote counts before characterizing it as proof of deliberate hacking. I would be more willing to believe, for example, that what happened in Saratoga County was the result of (a) poor ballot design; (b) machine malfunction; and (c) deliberate non-feasance on the part of election officials, particularly Florida's secretary of state, who could well be acting to further partisan interests by ignoring obvious problems that worked to the detriment of the Democratic candidate. That doesn't have to mean that they deliberately caused those problems, only that they are more than willing to tolerate them when they disadvantage the other side.

--Lindsey

Lindsey,

In similar vein:


From the Brad Blog, this from Steven Heller, the Diebold whistleblower whose disclosures helped California decertify Diebold evoting machines.

http://www.bradblog.com/?p=3826

"In my view, Diebold has shown they cannot be trusted to run elections in America. We must not allow a private corporation to run our elections for us in secret, using secret machines and secret software. The only thing secret about our elections should be the secret ballot.

I urge all Americans to insist Congress enact Federal legislation requiring that all voting machines must have a voter verifiable paper ballot, be run on open source software code, be subject to inspection by independent computer experts, and that each election have a random sample ballot recount. Only then will we have a chance of restoring true integrity to American elections."

Lindsey
November 24th, 2006, 10:22 PM
"I urge all Americans to insist Congress enact Federal legislation requiring that all voting machines must have a voter verifiable paper ballot, be run on open source software code, be subject to inspection by independent computer experts, and that each election have a random sample ballot recount. Only then will we have a chance of restoring true integrity to American elections."
Salon.com reports:
Rep. Rush Holt, Democrat from New Jersey, has pledged to reintroduce (http://www.rushholt.com/petition.html) a bill when the newly Democratic Congress reconvenes in January that would require all electronic voting machines to produce a paper record, and compel election officials to conduct periodic audits of the machines.
And interestingly enough, apparently Sarasota County, FL, voted, in this very same bungled election, to throw out its touch-screen voting machines and go instead with optically scanned paper ballots.

Meanwhile, the outcome of the election for Florida's 13th District House seat may end up being decided by the next Congress, since the Constitution specifies that "[e]ach House shall be the judge of the elections, returns and qualifications of its own members..."

--Lindsey