Schneier on Security

No paper trail, no problem, mark your electronic ballot with a big hard sharp rock.

A nice/civic-minded person is hosting the mp3s from the Last Hope conference.

If you haven't done it yet, download and listen to the Matt Blaze and the rest of the crew from MIT talk about the ES&S machines.

http://www.cryptolife.org/last.hope/...

Anyone want to bet that Diebold/Premiere will get paid to fix the problems? Over, and over, and over?

"In other news, election officials sometimes take voting machines home for the night."
But do they take them out to dinner first?

In all seriousness, this whole thing stinks. Maybe now we can stop pretending that this little experiment worked, at any level.

At least it's now become published. That is a step in the right direction. So the upgrade might be, say, similar to Win 95 to '98 ... and by Vista time, things will really be buggered. I see this as an opportunity for a call for open-source vetting. Let's see if the public puts enough pressure on things. Maybe CNN/etc would run the story, that would heat things up a bit! Should the upcoming US Pres election come down to the wire, let's see which camp cries foul first!

:...a ten-year-old error has caused..."

Ohio should stop letting ten-year olds design their voting system.

"I am committed to helping Ohio deliver its electoral votes to the president next year...''

Waldon W. O'Dell wrote that in August, 2003 GOP fundraising letter when he was CEO of Diebold, and I believe he meant it.

I should think that a lawsuit could leverage this statement quite well IF, as Bruce states above, the problem is systemic.

Then again, it may ultimately depend upon which judge reviews the case in appellate court.

Nudge, nudge...wink, wink.

In a recent german election, some voting machines were also transported to the private homes of voting officials the day before the actual election.

Some complaints against this and other oddities were filed, but the respective voting oversight commission summarily dismissed all complaints as "irrelevant".

Votergate: http://video.google.com/videoplay?...

If it's a random error present in all machines, it's really not likely to be a problem, except in that there's no justifiable reason for it to exist.

But there's lots of ways a random error could be a problem - for example, if it's a random error that only presents itself after X number of votes have been cast (like a buffer overflow or something), it's more likely to affect urban voting centers which tend to vote democrat and could be an issue in statewide or national elections (local elections would still likely be unaffected).

Or maybe you'd consider that a systemic error.

@Aaron: It's not exactly a random error. According to one of the articles,

"The problem is most likely to affect larger jurisdictions that upload multiple memory cards during counts, Riggall said."

That sounds like a contention issue with updating the central database, although the Washington Post article I am quoting from doesn't go into technical details. However, given the closeness of the 2004 election, and the fact that the cities of Ohio were the most democratic, and the most likely to be "larger jurisdictions" this error might have affected the outcome of the elections then.

And if Ohio had swung, the election would have, as well. So, while it may not have been a politically motivated "error", but because of it's failure mode, it might have had political effects.

there has to be prison time for this or we are left knowing all elections they were involved in are jokes. there has to be downside. 10 years of effort covering up shows a criminal conspiracy.

If paper trails had been required in the first place, a quick comparison check after a couple of elections would have found the errors. Our elected officials get an awful lot of money and perks for no responsibility and no accountability.

Wouldn't that mean that every single election held on Diebold machines are now suspect?

And isn't it voter fraud against the law? The guys from Diebold should be getting jail time.

Somehow I'm just not willing to believe that any such bugs in the Diebold voting machines are purely accidental. It reminds me of the Underhanded C contest, where you get bonus points if you can plausibly claim that the bug you planted was an honest mistake.

With the consistent "election anomalies" in the US, along with the fact that these things are still in use after numerous scandals, I don't see how anyone could come to any other conclusion than that the US government is corrupt to the core.

If the US government was a software project, the best thing you could possibly do is trash the whole thing and start over from scratch.

Theoretically, the people have the power to make this happen. In reality, because the mass media are largely under the control of the government and equally corrupt corporations, the chance of that happening is astronomically small.

Maybe if the country completely collapses economically (which, at the current rate, shouldn't take much longer), things might improve.

Unfortunately, there would probably be very hard times ahead for the whole population except the people causing this in the first place, and the US just might drag a decent chunk of the world with it.

@derf:

The 'quick comparison check' only works if you can prevent people with inside knowledge and a preferred outcome from pre-selecting the polling stations to check.

http://www.iwantmyvote.com/recount/ohio_reports/...

@Sparky: "If the US government was a software project, the best thing you could possibly do is trash the whole thing and start over from scratch."

Which is pretty much how the US government was started in the first place. I think it's user error -- I don't think a full rewrite is needed, but some of the running processes have gotten corrupted so a reboot would be nice. ;)

Govt Skeptic@3: "In all seriousness, this whole thing stinks. Maybe now we can stop pretending that this little experiment worked, at any level."

Diebold machines have worked out quite well for the Republican Party over the last few elections.

Open source Constitution?

@Phil - "...a reboot would be nice."

Yeah...but the process without any changes would still result in the one-sided corruption we have now.

The American "software experiment" has failed and become corrupt. Some of the current running processes such as the Private {Lobby(cash)} and Public Static{Select(Judge)} need to be deleted from the program.

Cash rules...and all voters can do is watch and gripe. They've been disenfranchised en'masse.

IF the results are systemic?

It's virtually guaranteed that the results are systemic in Ohio. Here's why.

Ohio is generally a red state, except in the Northeast corner, which is heavily blue. Cleveland itself is VERY blue.

The bug introduces itself in larger counties, and is pretty much never going to be seen in smaller counties. Therefore, votes in larger counties are going to be undercounted.

Large counties = more blue votes
Large counties = more undercounting
therefore
Blue votes = more undercounting.

Viola! Electoral votes delivered to the president, as promised.

The conservative news media barely noticed when "two of three high-ranking Cleveland election officials were convicted" of rigging the the 2004 presidential recount in heavily Democratic Cuyahoga County in 2004.

http://blogs.usatoday.com/ondeadline/2007/01/...

And then their boss resigned. That was the end, nothing to see here folks, just move on.

I would add a couple more reasons for why election techology is hard:

The pollworker population - It's very hard to find volunteer staffers on a Tuesday. (The largely unexamined horror story of the 2000 elections in Florida involves polling places that opened hours late because no one showed up to run them.) Mostly you get retirees, a group which is especially unfamiliar with technology. So you have to make sure the administrative tasks like opening and closing the polls are easy to do.

Accessibility requirements - With paper ballots, it's taken for granted that blind people will have to have someone in the booth with them to help them vote. With electronic machines, one of the requirements on every buyer's list is that absolutely everyone should be able to vote unassisted, which adds complexity. (And frustrates attempts to add paper-based verification to the process.)

Full disclosure: I'm interested in this issue because a relative of mine worked for a voting company for several years, and I was once paid to proofread a voting machine manual. (You haven't heard of the company because, like many of the smaller players in that industry, it's never been part of a major snafu.)

Voting is really handled poorly. Just like DNS, gov now legislate DNSSEC in 2 years. Pathetic.
USA is really handled poorly. Just like [ fill in anything ]. Pathetic.
Oh well. Why do people even try anymore, the system is broken!

And Premier's voting system just passed it's certification test last Winter, per the Election Assistance Commission's (EAC) Voting System Certification:

http://www.eac.gov/voting%20systems/...

Of course, the company who did the testing is being scrutinized by the EAC on their testing procedures, tester experience and being too chummy with the system manufacturer .

http://www.eac.gov/program-areas/voting-systems/...

Don't forget it is the vendor who pays for the certification testing. No conflict of interest there.

"In other news, election officials sometimes take voting machines home for the night."

Right. Did you think this through?

I host the local polling place in my garage. The voting machines are delivered a few days before the election. I setup the machines the night before, but I am not allowed to test the setup to make sure it works. I do not know until I open the polls at 7am in the morning whether anything is going to work.

In your professional life, would you consider assembling a network of computers, then putting it straight into production without any testing?

The day is already very long when you work the polls - on-site at 6am and you are not done until 9 or 10pm (or later), and with very limited breaks. Poll workers are volunteers, mostly older folk, and somewhat scarce. Do you think it a good idea to take delivery and assemble a network of machines a few (more) hours before the polls open?

If so, are you volunteering to work the polls?

The security of the voting process cannot depend impractical procedures.

Election officials who approved Diebold systems should be fired.

Company spokesman Riggall? You have to be kidding me!

You CT guys need to get a grip. Never attribute to malice that which is adequately explained by incompetence.

Plus, if the Diebold guy was planning to rig the election, do you think he would have stated it publicly?

However, I will stipulate using computers (especially windows based) for voting is stupid beyond belief because they enable exactly the kind of fraud you are worried about.

@bob: Incompetence is an excellent cover to use when you want to do something malicious. These guys are just barely smart enough to do that. Plus, I do think the Diebold guy is just stupid enough to state it publically (to a bunch of his wealthy friends).

Diebold are a bunch of crooks from top to bottom. IIRC, some of the senior people in that company had prior convictions for white-collar crime.

Diebold: The best election [systems] money can buy.

ATMs can withdraw money and transfer it between accounts and rarely make mistakes.

A voting machine only needs to count.

Many of ATMs and touch voting machines have Diebold on the front of them.

Am I crazy to think this may be deliberate?

@Quack Do you think banks would even consider using a Diebold ATM out front if it "dropped transactions" in higher volume areas?

@ bob, you are wrong to state that he admitted it publically, he emailed it to republicans whom he and all of us can assume are ok with their own corruption, the problem was the same one that CIA has, nothing that stupid and obvious will remain secret just because they classify it so
Read the book 'Legacy of Ashes' and find out what the billions of dollars are used for.

I host the local polling place in my garage.

Jesus Hussein Christ.

A polling place in a private home? Isn't there a school or something in the precinct?

Something is rotten in the States of America. I knew about polling places being set up in churches over there, which is shocking enough, but this really takes the cake.

Oh, so the "blockquote" tag isn't allowed. The first line of my comment is a quote.

Has Diebold even been making voting systems for 10 years? They entered the touchscreen machine market by buying out a company that had designed them. Not sure when, but large scale production of the machines started in early 2002 with boot screens saying "Global Election Systems", which suggests that it hadn't been very long since the takeover. And 25% of the motherboards wouldn't boot; the GES design had several timing errors in it, which engineers were still tracking down in June, with a contract in place to fully equip Georgia by the November election.

Diebold added even more bugs when they upgraded the GES software in order to meet Georgia's requirement for bilingual voting, but if GES's software design process was as bad as their hardware design, it's likely that they introduced this "ten year old" bug before Diebold was involved. The real problem is that the system didn't encourage manual cross-checking, which would have found the problem in 2002, the first time it was widely used. That is, it was possible to go around the machines in a precinct and read out each individual total, add those up, and then compare that to the totals reported by the central tabulating computer - but since election officials trusted the machines, they didn't do that.

Obligatory comic, sparked by one of Diebold/Premier's many excuses for the discrepancies: http://www.xkcd.com/463/

Now, I have no problems with voting machines except they seem more expensive and are (very!) much simpler than computers sold for (for example) manufacturing, trade, etc. What would happen if those lose data? Millions, hundreds of millions, lost money - seen that and seen what then happens, it gets very serious and ugly, very fast, for a company which made the mistake - excuses not accepted! Maybe voting is not so important after all - just profits as usually?

Come on - designing such systems a long time and public safety systems where you have to audit, log every bit (some judge is going to ask it years later!) is not so difficult - only when the company starts cheating it goes wrong for no reason at all! It is the same price to design a good, trusty system as a bad system, sometimes even less expensive! It is pure incompetence!