Schneier on Security

One positive development is that at least some state election officials no longer seem to be in denial.

It's quite a change from even a year ago, when officials in, yes, Ohio and California, would parrot the manufacturers security claims, asserting that problems identified by computer security researchers were "theoretical only", and that the people complaining about them knew nothing about the conduct of "real" elections. At the time, they seemed to feel that a knowledge of election procedure was all that was necessary to assess the security of electronic voting systems, whereas an elementary understanding of computer security was entirely superfluous. It's good to see that the cluebat pounding they sustained had a salutory effect on their outlook.

Don't forget that the person in charge of elections here in California actually worked for Diebold.

It seems at last like the tide might be turning. Of course, this is after two major elections were conducted with the flawed machines, and in some cases many more local or municipal elections. But somehow, the wall of silence surrounding electronic voting systems seems to be coming down.

Of course, this still leaves the most obvious question: why did we go down this road in the first place? It's not as though the flaws in electronic-voting systems are new; lots of people have been screaming about these things for years. And yet states and counties continued to implement them.

I think we need to be careful that in the apparent growing victory over flawed paperless-voting systems, that we don't allow the people who foisted them on the public to whitewash the past and make it look like they just discovered how bad the systems are. They were broken from the beginning, everyone knew or should have known it, and now the U.S. taxpayers are going to foot the bill.

That a Premier spokesperson should offer such a clueless defense is not surprising, since 'Premier Election Systems' was formerly Diebold, and they routinely denied even the possibility that there were people who would be interested in tampering with elections.

And, from a conspiracy-theory standpoint, it's convenient their new and improved systems are due out for installation in 2008 ...

"... none dare call it vote fraud, for if vote fraud succeeds ..."

Maybe they should call the system "VotesForSure". Rigged to work in the way wanted by those who bought the voting machines in the first place.

Like DRM for Democracy...

> "It is important to note," he said, "that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States."

Hilarious. This guy reminds me of the Weisert quote: "As far as we know, our computer has never had an undetected error." Stupid then. Stupider now, since Rigall's company wants to oversee democracy for us.

Not in Maryland! Our Diebold machines are perfectly safe. Nothing could ever go wrone err wrogn err wrong. We don't even have to wait for "we'll get it right next time" Diebold/Premier to fix 'em..

Just ask Linda Lamone; she keeps telling us how wisely she spent the $65,564,674 of taxpayers money on them....

Ok, why don't you design one, or prove it can't be done. And please let me know the result, so when I go to the polls my favorite doofus doesn't get elected, we all have grounds for a lawsuit.
Thanks.

I agree with kadin. People in the IT and Security businesses have been asking for open source open standard hardware for ages, and neither suppliers of voting machines, or government procurement agencies have listened.

Now, after years of possibly illegitimately elected officials as well as substantial investment in faulty voting systems, it seems like people are starting to listen - at least, from my far away point of view (I am living in China so i receive no american mainstream media, just the media i look for... I have no fox, no abc and no nbc ).

Clearly, the only way for electronic voting systems to work is for them to be open source and leave paper trails. Why we contract the job of designing and manufacturing these systems out, however, is beyond me. It seems that the people doing the contracting have a conflict of interest - it is in their best interest to buy/sell systems that serve them. That is to say, for politicians, to buy machines from people who will make them easily hackable (possibly telling them how to hack the machines), and for manufacturers, to make machines that keep their customers in power.

"Of course, this still leaves the most obvious question: why did we go down this road in the first place?"

In the first place, few of the systems replaced by the touch screen machines were trustworthy, either. The lever machines were probably the most difficult to cheat, but they're getting very old, and aren't well-suited to modern demands such as bilingual ballots (not that I agree that American elections should ever be conducted in any language but English), and handicapped accessibility. The punch-card systems always misread at least two percent of the ballots, and never could come up with the same count twice - and that appears to have been acceptable until the inherent limitations of the system met bad ballot design, poor election-day implementation, and an election that was a statistical toss-up in 2000 in FL. Mark-and-optical-scan systems work quite well in small precincts where the workers have time to deal with confused voters, to scan each ballot in front of the voter, and to replace ballots that don't scan - but would have been a disaster in Miami Beach, considering that workers there neither bothered to simply explain the butterfly ballot to voters waiting in line nor to replace punch cards for voters that knew they had mis-punched. Hand-counting often leads to accusations of cheating on the counts.

And that was the real reason for the rush to purchase electronic machines - like the old lever machines, these leave you with nothing to hand-count, nothing to do on a re-count but go around and read the machine tabulations again, and little room for accusations of cheating by the officials (other than letting unqualified people vote or excluding qualified people). They had too little experience with computer systems to realize that switching to computers, especially ones based on Windows, just open the possibilities for cheating up to everyone...

"Of course, this still leaves the most obvious question: why did we go down this road in the first place?"

This is called corruption - politicos spending taxpayers money in order to benefit their pals in big business. These same politicans will end up sitting on the boards and bullshit posts after they leave the guvirnmint employ.

It's the same reason why we have wars. And it is the very nature of the State. I'm not sure why people are so surprised when it shows through.

How appropriate that the report should be dated 7 December. Hopefully the e-voting machines suffer the same fate as the battleships in Pearl Harbor.

@averros: Never attribute to malice that which is adequately explained by incompetence.

@markm: "Hand-counting often leads to accusations of cheating on the counts."

You just need scrutineers—candidates' representatives watching the counting to ensure their candidate isn't illegitimately disadvantaged. It works well—the last attempt at cheating the count in Australia I've heard of was in 1996 for one seat in a state legislature.

Anonymous: It depends on how much distrust there is in the officials to begin with.

1) In the Miami Beach 2000 fiasco, a hand recount was aborted by a near riot staged by Republicans who claimed they'd been blocked from scrutinizing the recount process. I've no idea where the truth lies.

2) In San Francisco that same year, shortly after the election a number of ballot box lids were found floating in the Bay. Obviously, if ballots are on the bottom of the Bay, no fair count is possible. Election officials claim that after the count was complete they were washing the (emptied) ballot boxes on the docks and the lids just blew away, but not everyone accepts that. (I think SF is so heavily Democrat that it's hard to come up with enough scrutineers from any other party, even if the officials are playing fair...)

OTOH, why bother fiddling the count when you can have the dead and illegal aliens vote your way?

"OTOH, why bother fiddling the count when you can have the dead and illegal aliens vote your way?"

FUD alert. The Bush DoJ has been trying for years to find evidence of this occurring in order to buttress calls for poll taxes... I mean, voter identification cards. It simply doesn't happen in any widespread systemic way.

Far more effective to fiddle with the vote count by removing registered voters from the rolls and undersupplying the polling places in districts likely to vote against your party.

Has anyone discussed an internet-based vote monitoring approach? As you cast your ballot at your precinct, you get a random 5 digit number. Go home, log on, and look up your vote.

Clearly, there will still be errors, and voters will have the opportunity to report errors (but not change their ballot). The patterns of reported errors will provide the opportunity to track foul play.

@Greg306

If you get the number on a piece of paper then it can be used to prove how you voted (look up vote buying).

If you don't get it on a piece of paper then everybody will forget it or get it wrong and then there will be too many false positives.

If I want to fix the vote, I just a) give a number of people the same number or b) fix the web page program so that it lies about the votes.

In other words; yes people have thought about similar schemes and almost all systems found so far are a bad idea.