Jefferson's democracy

Franklin Jefferson's thoughts on the world

Monday, April 03, 2006

Voting Machines

I've recently been looking at some articles on electronic voting machines, and I find them frightening. It looks like these things are an open invitation to hackers, and nobody seems to care.

From cyber.law.harvard.edu/briefings/dvb:
Computer scientists have been grumbling about the transition to electronic voting for years. They have claimed that electronic systems are too unreliable to entrust with the most sacred exercise in a democratic society. But it was Diebold's systems in particular that generated interest and outrage in July 2003 when a team of computer scientists published a scholarly review of the machines' software.
The report cataloged hundreds of flaws, which ranged from lack of password protection on central databases to a glitch that would allow holders of a certain "smart card" to vote as many times as they liked. As Avi Rubin, the principal researcher, explained, "We found some stunning, stunning flaws."
These flaws had not attracted widespread attention prior to Rubin, few people knew how to access Diebold's source code. As Joe Richardson, a spokesperson for Diebold explained, "We don't feel it's necessary to turn [the source code] over to everyone who asks to see it because it is proprietary."
This lack of access was one of the main objections computer scientists raised about electronic voting. They argued that electronic voting is inherently undemocratic because, when a company's software cannot be viewed by the public, voters have no way to ensure that it works properly-the public must simply accept the company's assurance that touching a button on a computer screen registers as a vote for the correct candidate. As critics have explained, the systems are also highly vulnerable to tampering, malfunctions, and problems with voter-privacy because results are aggregated in centralized databases - databases that can easily be altered.

Some more links: www.freepress.org/departments/display/19/2005/1636
www.freepress.org/departments/display/19/2005/1593
blackboxvoting.com/

I'd be more willing to trust the computerized machines more if the source code were open to inspection. The computer industry has time and time again proven that "security by obscurity" doesn't exist; flaws exist in the security of every computer system, and if you don't bring them out in the open, then they will be exploited in the dark.
In fact, testing software without having any knowledge of what's going on inside is not likely to reveal any security flaws at all.

From Wired: www.wired.com/news/politics/0,1283,60563,00.html
"Last January the electronic voting machine maker faced public embarrassment when voting activists revealed the company's insecure FTP server was making its software source code available for everyone to see.
"Then researchers and auditors who examined code for the company's touch-screen voting system released two separate reports stating that the software was full of serious security flaws."

Notice the trend here? The voting machine software was, in fact, insecure, but the fact that it was insecure wasn't revealed until researchers EXAMINED THE SOURCE CODE.
Second, the computer voting machines have been pushed into place with little or no testing, and the voting machine companies have been frantic to *avoid* independent testing.
Here's a story from NBC www.msnbc.msn.com/id/5762054/
"Michael Shamos, a Carnegie Mellon computer scientist and electronic voting expert, told lawmakers in Washington, D.C. the system for 'testing and certifying voting equipment in this country is not only broken, but is virtually nonexistent.'
"Virtually no oversight" "Although up to 50 million Americans are expected to vote on touchscreen machines on Nov. 2, federal regulators have virtually no oversight over testing of the technology. The certification process, in part because the voting machine companies pay for it, is described as obsolete by those charged with overseeing it.
"The testing firms - CIBER and Wyle Laboratories in Huntsville and SysTest Labs in Denver - are also inadequately equipped, some critics contend.
"Federal regulations specify that every voting system used must be validated by a tester. Yet it has taken more than a year to gain approval for some election software and hardware, leading some states to either do their own testing or order uncertified equipment."
Third, when independent testing has been done, all too often the machines have failed.
www.bbvforums.org/forums/messages/1954/5921.html
www.freepress.org/departments/display/19/2005/1636
www.freepress.org/departments/display/19/2005/1529
www.votersunite.org/electionproblems.

Our voting system should be absent flaws, period. I would like to *stop* the process of challenging and recounting; I'd like a system where it is possible to count votes and know the total, without manifest doubt about the validity of the system.
I desire the kind of security that comes when hundreds or thousands of independent eyes examine the program and look for flaws. This does rely on an assumption, which is that the number and cleverness of people trying to expose the flaws to the world exceeds the number and cleverness of the people trying to exploit the flaws. I believe that this is true of America, and that openness is a good thing.
I think Democrats are sleazy and untrustworthy. I think exactly the same about Republicans. The "consequences" I want is for all source code for computerized voting machines to be available for inspection. That sounds simple and straightforward enough to me. I don't see what you think is gained by not allowing us to see the details of the software that counts our vote, and the more you argue that we shouldn't be allowed to see it, the more I really start to worry about exactly what it is that you think we shouldn't see.

Some more disturbing links:
news.mywebpal.com/partners/680/public/news674236.html

wishtv.com/Global/category.asp?C=49590&nav=0Ra7JXq2

www.onlinejournal.com/evoting/042804Landes/042804landes.html

Just a couple of snippets showing a few more recent problems with electronic voting machines. San Angeleno Times: www.sanangelostandardtimes.com/sast/news_local/article/0,1897,SAST_4956_4559073,00.html

"...About 1:30 p.m. today, county Republican Chairman Dennis McKerley stopped the recount after workers found discrepancies of as much as 20 percent between what was counted Monday and what was reported Election Night. "We're having some trouble with the electronic equipment," McKerley said."

Chicago Tribune
www.chicagotribune.com/news/custom/newsroom/chi-060321voterproblems,1,1831943.story?coll=chi-news-hed
"... At one point, a dozen repair technicians showed up to test the faulty equipment. It turned out someone had forgotten to flip an internal switch in another device that authorizes each voter and transmits the results.
"At Chute Middle School in Evanston, voters only cast paper ballots when the electronic touch screen didn't work. "The little memory card is kaput," said election judge Jerry Smith.
"Among the paper ballots cast by 1 p.m., Smith said five or six out of 57 had been spoiled because voters had accidentally filled in more than one candidate for several judgeships.
"The error wouldn't have occurred if the voters had been able to use the electronic touch screen to vote, Smith said.
"Across town at Evanston's Grace Lutheran Church, election judge Carol Straus lamented low turnout and three machines that failed to work: The electronic touch screen, the election counter, and the scanner that counted the manual votes...."


The Morning call online:
www.mcall.com/news/opinion/anotherview/all-brau3-23mar23,0,3808305.story?coll=all-newsopinionanotherview-hed summarizes my worries. "If easy-to-manipulate, computerized voting machines ever become the standard for elections across the country, we would lose forever the ability of a citizen to have his or her vote cast and counted accurately. Simply put, the United States of America would no longer be a democracy."

5 Comments:

Blogger Franklin Jefferson said...

Simple physical security is still important, of course. Merely examining the software won't stop everything; it isn't a perfect solution.
www.wired.com/news/politics/0,1283,60713,00.html . But it will help.

Elections should be open and verifiable. I don't think that any part of the software to count votes should be secret.

avirubin.com/vote

4/03/2006 10:38 PM  
Anonymous Geoffrey A. Landis said...

Interesting discussion. Yes, if electronic voting machines can be hacked, that's pretty frightening. You really want an election that's verifiable, and everybody agrees that the result wasn't tampered with.

I've always thought that voting should just go with the number-two pencil and a sheet where you mark your choices like a SAT exam. Everybody in America younger than, say, 60 or so has taken hundreds of these tests, and they all know the drill. So it's a voting method that people have used a lot of times, not just something used once every four years.

Of course, Educational Testing just found out that the optical scoring machinery mis-scored a few thousand of them; which comes out to about one in a hundred. But, guess what? They still have the paper, and could rescan them all. Unlike the electronic voting machines, which seem to just say "here's the result, believe it or not." The optical system has a built-in record. (and, I'm assuming that the scanning flaw in their machinery can be fixed easily enough).

-- but, yes, if we have computer voting machines, having the source code available for inspection certainly is a good safety precaution. You would think that the people buying the voting machines could just write that into the law; any voting machines that they buy have to come with the source code. And the company wants to keep it proprietary? Then buy from another company. (The actual machine code, too, for that matter!) . A paper trail would be nice, too, although it does have a problem; if the electronic voting machines say one thing, and the paper verification copies has a different result, how do you decide which one is the "real" vote?

4/03/2006 10:43 PM  
Blogger Franklin Jefferson said...

Here is the detailed discussion of how to hack electronic voting machines (at least the Diebold ones, which seem to be the ones most criticized):
www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html

4/05/2006 5:06 PM  
Anonymous Anonymous said...

[url=http://saclongchampa.blinkweb.com/]sacs longchamp[/url] Don't forget your maps or GPS, shopping lists and a plan of action. Put everything in the car on Thanksgiving night so they're ready to go on Friday. Black Friday apps are also a great way to stay organized during the shopping frenzy.. Closely fitted collars of carpet underlay act as a physical Mulberry Antony Messenger Natural Leather Bag Black for Men,Cheap Mulberry Bags On Sale, Mulberry Bags Outlet, fast delivery. barrier. The eggs are prevented from reaching the soil. They dry up and perish instead of hatching..
[url=http://longchamppasche.ucoz.com/blog]longchamp soldes[/url] Rapid is usually a reinterpretation with the keepall journey carrier. Want to purchase your personal item, you might have located louis vuitton sales 2012 the Designer Mulberry Women's Standard Alexa Leather Satchel Black Bag. Women can find a multitude of trendy designs at reasonable prices during a handbag sale. right spot for it, Go to Hermes Handbags on sale. If you have any concerns about your own health or the health of your child, you should always consult with a physician or other healthcare professional.
[url=http://longchampmoinse.zankyou.com/us]sac longchamps[/url] Besides womens clothing, the store sells products such as clothing for men and kids, sunglasses, watches, handbags, cosmetics, accessories etc. Conway | Dec 3rd 2012 - If you want a stylish, designer bag that is built well and uses only the best materials, a Chanel handbag may be what you are looking for. Directly from the fashion show circuits, .. Authentic leather has a distinct smell and this would give you clues if these real or not, as there is a particular leather smell of the handbags. Another crucial thing when buying a leather bag is to have a good look on the stitching. It should not be messy but neat.. As a smart shopper, the two most frequent things we look for in a bag are quality and design. Is it resilient? Will it last long? Is this model delightful? Well-known Mulberry Women's Bayswater Leather Toter Black Bag supply cheap, Mulberry Bag makes it easy to carry, is very suitable for urban day These are generally a number of the questions that pass in our heads when shopping. Naturally, we still have to consider the selling price.

3/03/2013 6:18 AM  
Anonymous Anonymous said...

UdR a yoUX http://saihuerumesu.com/ zjRI c ycKC etL [url=http://saihuerumesu.com/]エルメス バッグ[/url] DyW qeZO z ixUW http://yuuguuerumesu.com/ qoKT n jqAH esL [url=http://yuuguuerumesu.com/]エルメス 財布[/url] QgY lzVN y cwKN http://bagguerumesu.com/ wwCE g dvUS tlI [url=http://bagguerumesu.com/]エルメス バッグ[/url] StR tfJU o yqYV http://sugureerumesu.com/ ksXH c npAK urX [url=http://sugureerumesu.com/]エルメス エブリン[/url] ZwY o awCU http://ninnkikochi1jp.com/ vqQQ q aoFB axS [url=http://ninnkikochi1jp.com/]COACH バッグ[/url] GqS blDY c bcZK http://kochijapkakakua.com/ ybCZ m vzER rdB [url=http://kochijapkakakua.com/]コーチファクトリー[/url] VsY zwDL z cgHO http://autorettoerumesu.com/ rjDN j ixZC hjC [url=http://autorettoerumesu.com/]エルメス バーキン[/url] VyQ hzNY y asXO http://onnrainnkochi1jp.com/ qnOK u voSW zjU [url=http://onnrainnkochi1jp.com/]COACH バッグ[/url]

3/27/2013 8:40 AM  

Post a Comment

<< Home