More Diebold E-Voting Vulnerabilities 535
presmike writes "ok, it looks like Diebold has more to worry about now that it is possible to change votes with a 5 line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"
Blimey (Score:5, Interesting)
"There's 14,375 votes for Bush, 14,374 for Kerry and 2,793,036 for Mr. Magoo, let's tell the public about this 4 years after the election, OK?"
Re:Blimey (Score:5, Insightful)
If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.
When you have the CEO of Diebold saying "I am committed to helping Ohio deliver its electoral votes to the President next year." [blackboxvoting.com] why do you think the evilness has to come from outside Diebold?
Re:Blimey (Score:5, Insightful)
Re:Blimey (Score:5, Informative)
Re:Blimey (Score:5, Insightful)
It's kinda ironic that all of us nerds who love technology are the ones saying that this is a really bad idea. If we're saying this technology is bad you'd think they would listen to us....
NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worste case scenerio occurs people would notice. I don't want someone doing this and me ending up in Gitmo.
(For the first time in my
Re:Blimey (Score:4, Interesting)
Re:Blimey (Score:4, Interesting)
Right now, the evidence is that one company's voting machines are definitely below any remotely acceptable standard, and that company has indicated a motive for making them flawed deliberately.
It's not evidence that proves all forms of electronic voting should be rejected, or that paper ballots are axiomatically better. It sure doesn't prove that other forms of felonious electioneering, such as getting voters falsely dropped from the rolls, will stop too if we just go back to paper. It IS increasingly solid evidence of a crime. The public will better serve itself if it focuses on what the facts definitely prove about Diebold than what they may tenetively suggest about the overall principles of electronic information security.
Re:Blimey (Score:3, Insightful)
Yeah Brain, but where would we find enough Diebold programmers who have that much knowledge?
From the first part of the article:
But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.
Another comment I found particularly interesting occurs on the third page of the article:
But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no
Re:Blimey (Score:5, Informative)
It's worse than that. From this link [scoop.co.nz]:
She has no way of knowing that her GEMS program is using multiple sets of books, because the GEMS interface draws its data from an Access database, which is hidden.
Getting a warm and fuzzy feeling yet?
Re:Blimey (Score:5, Funny)
I think it's nausea.
You know... Diebold does a lot of work with financial systems. Is this what they call the Harbinger of Doom?
Access (Score:4, Insightful)
They appear quite capable of screwing up a wet dream.
Re:Blimey (Score:4, Funny)
1. Set an ADODB Recordset
2. Open recordset with select statement for tables with the totals in them.
3. rs(fieldforcandidate)=new total
4. rs.update
5. rs.close
Or better yet, if you have a copy of access with you, skip the stupid script, open Access, and simply change whatever totals you want to.
Re:Blimey (Score:5, Informative)
In backwards socialist pro-islamofascist hellholes such as France, elections are 100% paper-based. People walk into the local voting point and (after registering and showing their elector card) are presented with a number of bulletins, each of them bearing the name of a candidate. They take several of them, walk into the booth and put the bulletin of their choice in an envelope. Then they walk to the ballot box and drop the envelope.
The integrity of the vote is ensured by the most primitive (and efficient) method around: after the vote is over, bulletins are counted by officials in each voting point in presence of the public. Bulletins are handpicked from the box, the main official reads the name aloud, and shows the ballot to other officials present and to the public. The names are also written down by two other officials. The total figures are then transmitted to a central office in Paris. On the next morning, people can check in the local newspaper that the vote count reported for their precinct corresponds to whatever was announced at the voting point.
This system is simple, efficient, and reasonably fool-/fraud-proof. Can someone explain me the exact problem with it ?
Thomas-
Re:Blimey (Score:5, Funny)
It's not BREAKABLE! (Score:4, Funny)
Re:Blimey (Score:5, Insightful)
Even running the GEMS software on OpenBSD would do nothing to make up for their lousy secuity design.
Re:Blimey (Score:3, Informative)
True, this is not a Windows flaw, it is a Dieblod flaw. However, if Diebold ran on another platform, it would probably take more than 5 lines of vbscript written in Notepad to decide who gets elected.
Part of having a stronger security is making it harder for the crackers to do things.
Re:Blimey (Score:4, Funny)
Re:Blimey (Score:3, Funny)
BSOD (Score:3, Funny)
Brazil's Voting System (Score:5, Informative)
Re:Brazil's Voting System (Score:3, Insightful)
Re:Blimey (Score:3, Funny)
Well, except in Hollywood.
A Better Voting Machine (Score:4, Funny)
Perhaps some of you security experts could evaluate whether this machine is more or less accurate and secure than Diebold's machines, but I'm pretty confident in its ability to surpass Deibold's accuracy. (Note to foreign readers: To interpret the results from the videos: if the red ball 21 or less, that's a vote for Kerry; 22 or more, Bush.)
Re:A Better Voting Machine (Score:5, Informative)
Dieblod is taking shortcuts trying to maximize short term profits. Corporate greed at its best.
Re:A Better Voting Machine (Score:3, Insightful)
I think that's the ultimate flaw in this process - why spend money on quality when price is the only thing that matters?
Re:A Better Voting Machine (Score:3, Insightful)
Well, there's the problem. The data can either go directly from each machine to the county elections board, or it can be collected and counted at the precinct level, then sent to the elections board.
There are a couple of reasons why you would keep the preliminary counting to the precinct level: Cost is one.
The cost of centralizing the count would mean that every machine has to be given a secure, direct connection to the central compu
Amazing (Score:5, Insightful)
Maybe they should claim that all their security experts were hired by Google after they took the GLAT.
(BTW, I love the "Politics" section color scheme. Can we do something similar for IT?)
Re:Amazing (Score:5, Informative)
Re:Amazing (Score:4, Funny)
Re:Amazing (Score:5, Insightful)
Re:Amazing (Score:5, Informative)
Re:Amazing (Score:3, Interesting)
I've often felt that some of the more intelligent people on Slashdot could pick better leaders than the average dumb American. Maybe we implement a Slashdot based v
Re:Amazing (Score:4, Insightful)
Do you think this is all by accident?
Re:Amazing (Score:3, Interesting)
Re:Amazing (Score:4, Informative)
Re: (Score:3, Insightful)
Exploits in ATMs (Score:5, Interesting)
I've worked with banks on other security systems, and in my experience they often "know what they want" but fail to ask the right questions. Of course, as soon as they start losing money, they get the point quickly. :)
(Okay, laziness over, I think this may be the paper I'm thinking of: Why Cryptosystems Fail [cam.ac.uk])
Re:Amazing (Score:4, Funny)
Dude, I love this word you created:
Campain \Cam*pain"\, n. [F. campaigne, It. campagna, fr. L. Campainia the level country about Naples strewn with band-aids, fr. campus field. See Camp, and cf. Champaign, Champaigne.]
Re:Amazing (Score:5, Interesting)
understanding? sure. motivation to implement it? maybe not. consider:
remember: in every first year computing science class assignment #2 is "bank machine".
Re:Amazing (Score:3, Insightful)
I'm sure Diebold poeple do understand security, very well. Clearly, the complete absense of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absense of security is absolutely intentional.
These machines are designed, from the start, to rig elections.
Re:Amazing (Score:4, Informative)
Access is a RAD development system that uses Microsoft's JET database engine for data storage. (Actually, these days it prefers to use MSDE, which is a stripped-down SQL Server, but JET is still supported).
I have developed many departmental-scope apps in Access, and more in "real" languages using the JET engine. But anyone who would choose to use Access for such a large-scale system really needs their head examined. This isn't MS-bashing, they tell you what Access and JET are good for, and I don't think that Microsoft themselves would advocate this usage.
Reading through the Wired article, it appears that the Diebold programmers know very little about the correct usage of relational databases. Anyone who builds a data model that looks like what this article implies should not be entrusted with the keys to our democratic process.
Re:Amazing (Score:4, Funny)
Re:Amazing (Score:3, Funny)
Want to buy some tinfoil hats?
Just make sure they're not made by Diebold.
Another good example (Score:4, Insightful)
Another excellent example of why electronic voting software should be open source. Having many programmers looking over code doesn't automatically increase security, but it certainly increases the probability of finding and correcting asinine problems like the one discussed in the article.
We all know this. Now to convince the U.S. state governments, or the Feds (who should probably fund and sign off on it). Any representatives reading this?
Re:Another good example (Score:3, Funny)
No.
Re:Another good example (Score:4, Funny)
If you make a reference to Guybrush Threepwood in your comment I always mod it up. Go Monkey Island!
So what you're saying is, we should elect Guybrush Threepwood for president? Viva la Threepwood!!!
What do you want your money going to then? (Score:5, Insightful)
Do you want to pay for buggy, easily exploitable software then? I can understand your desire not to waste money on "fantasy vapor product that doesn't exist..", but you are paying for Diebold's mess. And you are paying for paper voting, recounts, and all the supporting infrastructure. Personally, since money is being spent regardless, I'd like to see it go towards a rock solid solution that will last awhile. It seems that OSS would be an excellent candidate.
Re:Another good example (Score:5, Insightful)
"Reinventing the wheel" is a bad analogy in this case. The priority here isn't to save money, it's to correctly count votes. Saving money is a secondary consideration. (This is why we don't fire judges and outsource our courts to India, even though that would save money too.) On a national scale, the amounts of money involved with Diebold are relatively miniscule- they probably wouldn't fund the Iraq War for more than a few hours. (And it isn't even clear that buying Diebold saves money over an in-house solution.) But there is simply no way to know that the votes are being counted if you can't SEE how they are being counted.
DieBold already had a system when the government went looking, the OSS community didn't. Their choices were DieBold, a couple other vendors, or "fantasy vapor product that doesn't exist and even if they funded it's development there's no guarantee the thing will exist by election time".
You are making an assumption without realizing it here- that the Diebold system will be automatically superior to the card-based system that was in place in Florida's 2000 election. Which actually performed remarkably well under the extreme condition of a tie. There is no reason why these new systems have to be in place by 2004 when they may actually compromise the election compared to the system we had before.
I don't want my tax dollars bankrolling OSS dev efforts.
Maybe not GPL software (I'd agree with you that far) but if we're going to use a voting system we should all be allowed to see the code, even if we can't modify or distribute it. Otherwise only Diebold knows who really won, and in fact Diebold is put in a position where they can choose the next president. The key concept is transparency.
Counting votes isn't even a hard problem. Diebold (and the rest of the software industry) has succeeded in convincing the government that
numVotes++
is some ingenious discovery like penicillin. So you aren't allowed to see the code, which might really look like
if (vote equals BUSH || (vote equals KERRY && rnd() < 0.9))
numVotes++
Diebold's right to its "intellectual property" has superceded your right to know your vote was counted. Ironic, considering these mounting revelations that Diebold's intellectual property isn't very "intellectual" to begin with.
Re:Another good example (Score:3, Interesting)
Instead we're spending billions on a missile defense system that never existed before the government asked for it. More than that, we're rolling it out and it's not even matured enough to perform a simple f'n test?! It's not like we're talking about a new commission or chair-level position. Slice off a
And in a related story... (Score:5, Funny)
George Bush and John Kerry sign up for MSDN subscriptions.
Nothing new.. (Score:5, Insightful)
change to our type (Score:4, Interesting)
I think it does have a paper trail and I've never heard of any vulnerabilities for it, and we have no hanging chads. Completely electronic.
Chris
Re:change to our type (Score:5, Insightful)
We are fscking doomed!
Voting machines designed by Sting? (Score:5, Funny)
Then it goes "de da da da," and finally it tells you, "is all I want to say to you."
Re:change to our type (Score:4, Insightful)
You think it has a paper trail, but you're confident it has no vulnerabilities?
Oh. Well, that's okay then.
After you push the button for Jones, how do you know that the system recorded a vote for Jones? What if the screen says Jones, but (inadvertently or deliberately) incremented the count for Smith, instead?
A real paper trail is one that you can see when you cast your vote. It just has to print 'one vote for Jones' on it, then spit it out. You put that printed record into a sealed ballot box before you leave the polling place. (Otherwise, other people could verify your vote and eliminate the benefits of a secret ballot). Then you've got a real paper trail. If you don't trust the machine count, you count the paper ballots.
A 'paper trail' where the printer spits out whatever number the computer tells it at the end of the day has no verification value whatsoever.
Get rid of E-Voting now! (Score:3, Insightful)
Re:Get rid of E-Voting now! (Score:3, Interesting)
Simple and relatively free from error. I'm sure optical scanners today should be able to process these damned quick, too.
Hopefully New York is not going to be using paperless electronic voting machines. I don't trust them.
Re:Get rid of E-Voting now! (Score:5, Interesting)
Their solution: A dual-method system. First, the person fills out a card with their choices. Then they put the card into a slot which reads it, so they get a chance to review their choices. If they want to make changes, the old ballot is stamped with "Void" and shredded, and a new one pops out, ready to use. If they accept the choices, the ballot is placed in a bin *and* recorded electronically.
Re:Get rid of E-Voting now! (Score:3, Informative)
It's not exactly that way. The counting is done by employees of the government, but it's done out loud, in front of a bunch of witnesses, among which there are up to 2 people representing each party. Only the witnesses are volunteers, the person who does the actual counting (taking the ballot, reading the ballot, saying who the ballots votes for, showing the ballot to all the witnesses) is employed and paid by Electio
Worry (Score:5, Insightful)
it looks like Diebold has more to worry about
You mean, it looks like the American people (and the rest of the world) have more to worry about. Diebold has been incredibly resistant to being damaged, no matter how many problems arise with their software.
Bow to your next president... (Score:5, Funny)
GEMS (Score:5, Insightful)
Truly a Gem!
But speaking generally on the vulnerabilities Harris mentions, Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.
I am shocked. Shocked.
He also said that election "policies and procedures dictate that no (single) person has access or is in control of a (voting) system," so it would be impossible for anyone to change votes on a machine without others noticing it. And even if someone managed to change the votes, auditing procedures would detect it.
And this just is a killer. What is this guy smoking? Auditing is not done by default anyway. I am pretty certain Cthulhu is going to be elected.
Priceless (Score:5, Funny)
Microsoft Windows 2000: $200
Microsoft Access 2000: $200
PC: $500
Hiring an embezzler to put in three set of election results into your voting software controllable by a hidden combination of keys known only to you: $60,000 Changing the election results in favor of your candidate: priceless
"Of course, there are some elections that money can't buy. For everything else, there is Diebold."
uh-oh (Score:5, Funny)
Die, democracy, Die (Score:5, Insightful)
Re:Die, democracy, Die (Score:4, Insightful)
In other news... (Score:4, Funny)
I now have been elected governor in 15 states, plus chief justice in 4 others (but not in Caleefornya). I'm also now hold 22 of the Senate seats, 134 of the House, and I'm the Drain Commissioner in 2/3 of all counties in the US...
Blown out of proportion (Score:3, Informative)
Yes, it's a fact that GEMS is a web based product that utilizes off the shelf software as parts of interfaces (Windows, Access, etc). But it also should be noted, that web based does not mean connected to the web. If you read about the situation in Maryland, you'll see that the GEMS systems can only be connected to via modem and the modems have to be manually enabled to receive data. Thus you'd need to convince someone to turn on the modem and then call in to run this script. (Insert Kevin Mitnick social hacking commentary here.)
That being said, that doesn't excuse the programmers from anything. Yes, it's a bug. Yes, in voting systems it shouldn't be there. Yes, open source would be better. But this is misleading because it doesn't have anything to do with an individual vote or the official vote count for the state.
Re:Blown out of proportion (Score:4, Interesting)
Why would you suggest that having the wrong candidate reported as the winner would not have any effect? What about other polls that are still open, or states that are three or more hours behind?
That is precisely what happened in Western Florida in the 2000 fiasco. It had been decades since a single vote even seemed like it could matter - so if you've heard the news that your state has already decided on a candidate, why drive out to the poll?
The combination of many factors (modems? MODEMS!? Web-based? Bugs? Untested? Lack of peer review?!) compromising the security of the system indicates premeditated culpability.
Where *is* my tin-foil hat?
SciAm (Score:5, Informative)
Economist article (Score:5, Interesting)
Nice Diebold quote (Score:5, Funny)
Yeah, that's why there's never been any vote fraud in this country...I gotta remember to keep my shotgun loaded this November, that's when the dead people come out to vote in Chicago...
Re:Nice Diebold quote (Score:3, Funny)
In Canada (Score:5, Insightful)
It may be a little high-tech but this method could catch on in developing democracies like the U.S.
Re:In Canada (Score:3, Informative)
-Rob
Re:In Canada (Score:5, Insightful)
Re:In Canada (Score:4, Insightful)
We believe that if you're too intoxicated, stupid, or incompetent to mark a clear X in a circle, then you shouldn't be voting.
Re:In Canada (Score:4, Informative)
Any clear mark counts. A X, Check Mark, circle filled in completely, smiley face, etc. The point is that the voters intention is considered to be more important then the method. A ballot is spoiled if the Scruteneers cannot determine the voters intention, ie two or more names are marked somehow.
OK, some background on how a Canadian Federal Election is held. First of all, there is a fedral agency who handles all fedral voting in Canada, called Elections Canada. These guys take their political nutrality very seriously. Every riding is diveded into polling districts. There is a polling station for a max number of elegable voters in a geographic are (1000 I think, I dont think there is a minimum. I saw polls in the last election returning 6 votes)
Many times multiple polls share the same voting station. Upon entering the station, you are directed to the correct poll, where you show your elegable voter card (they mail this to you a few weeks before the election, I don't know why they don't ask for photo ID) and you name is marked off on the voter list. You then get the ballot. Its one issue per ballot, where the candidates are listed in alphabetical order, with party affiliation after the name. The ballots are printed on a brown construction paper with a ballot ID number printed twice, one on a tear off strip. There is a black bar vertically down the right side of the ballot with a blank circle next to each candidates name. After getting the ballot, you walk to a table in an isolated area with a white shield set up for privacy. You mark the ballot, and fold it up before returning to the poll. There the staff take the folded up ballot, rip off the tear off strip in sight of you, and hand it back to you (although I have seen places tear off the strip before giving you the ballot). You then put the ballot in the ballot box (white cardboard again) and the staff puts the strip in a seperate box. This keeps track of the ballots without identifying who cast it. This way if you spoil your ballot, you can ask for annother one with out them worrying about having extra ballots in the box. btw, the person who crossed you name off the voter list is never the person who gives you the ballot, so no one knows which vote you got, or who you voted for. Also, it allows the staff to determine if a bollot has gone missing. (There is a bizzar tradition of people eating their ballots as a form of political protest.)
Besides the poll staff, there are observers (usually from the political parties) These observers are called scruteneers. They observe the balot box is empty before the poll opens, and is not tampered with durring the course of the election. After the poll is closed, the ballot box is opened, and the counting begins. Technically, any scruteener can void any ballot by claiming it is spoiled, however this is rarely the case (Yes this can lead to vote tampering, as happened in the last Qubec referendum where the Yes side began declaring No votes to be spoiled, however the No side began spoiling an equal number of Yes votes to keep things equal, and reported the abuse afterward)
After the votes are counted, the ballots are put back in the box, and it is sealed again (in case a recount is necessary), and the numbers are reported to the riding (the area that a candidate will represent) level, usually by phone. I believe the repults from each polling station are suppost to bepublished somethere so the observers can double check the caounts, but I don't know how exactly this is done. Anyways, because there should only be a few hundred ballots to be counted in each polling area, the results are usually known in a few hours. A Federal judge can order a recount if a candidate shows just cause, and I believe an automatic recount is called if two candidates are within 100 votes of each other.
To sum up, the major difference between Canada and the US in voting is that there is a (non-partisan) Federal agency responsable for setting up and running the election, with standardised ballots. Provincial elections are run similarly to Federal ones, while Local ones have started using electronic vote counters, but using and keeping paper ballots.
why not this (Score:3, Funny)
obligitory plug for blackboxvoting.org (Score:5, Informative)
This is serious. Not only are they using a microsoft access (!!) database to store your vote, they are using a non-password protected access database.
Not only are they using a non-password protected access database, you can gain access to the
US Elections 2004: Battle of the Scripts (Score:5, Funny)
nice to know (Score:4, Interesting)
2 brothers will count 80% of the vote (Score:5, Interesting)
Two brothers will count 80% of the vote. [scoop.co.nz]
In a country where no-bid contracts and the VP's corporate relationships aren't questioned, this is worrying.
Voting machines vs. other machines (Score:4, Interesting)
I wonder what medicine and aviation would be like if their devices were allowed to be built like Diebold builds their machines. Lives on the line vs. the life of our democracy on the line...I don't see that great a distinction.
Diebold Execs: Stupid or Crazy? (Score:5, Interesting)
WTF?!? Murder is against the law and carries a heavy penalty and people still do it, numbnuts.
Diebold is saying essentially what the Bush administration and, really, all NeoCons. "Trust us, we'll do what's right. Why shouldn't you trust us? We're respected people in power."
Hell, that was an argument a White House attorney made in front of the Supreme Court! When asked whether a chief executive could falsify documents he said something to the effect of "Yes, but *this* chief executive wouldn't do that."
Why not create a system with ways to keep people from doing things that we don't like, instead of *trusting* people you *don't know* to do the right thing. We could call it something like "checks and balances."
Let's blame Microsoft ... (Score:3, Insightful)
But really, this is somehow Microsoft's fault. I know it!!
In related news, Diebold denies any backdoors (Score:3, Informative)
While this Slashdot aricle appears to reference a vulnerability rather than a backdoor, I just thought that some might find this to be an interesting related story.
Here it is from the horse's mouth:
http://www.securityfocus.com/archive/1/375954/200
Paperless Machines CAN be good. Here's How: (Score:4, Insightful)
Essential: Build the machine and software from the ground up starting with the proposition that you will have to recount the votes. All other considerations are secondary.
Parallel testing. On the day of election, randomly select a machine, pull it out, and run a simulated voting process on it. Compare the results with what they should be. Video the entire process. If the results are wrong, go back and investigate the video tape. It should be done for each polling place. This is expensive. The machines cost $3,000-$5,000.
Test before, during, and after elections.
California requires mandatory recounting for a random 1% sample of all ballots. This was introduced after optical scan ballots. This should be a national law.
New Hamphire allows any candidate to demand a recount for up to a 3% margin. Experts know how to count.
Florida did not know how to count votes correctly like many other states.
Issues like blind access are important to the blind, but remember our priorities! Recounts are the essential priority!
Ways to Cheat
Don't activate the cheating until after the election starts.
Only cheat with a few machines. Only a margin is required to swing a close election.
No verifiable audit trial. Design a paperless machine that counts votes and is not voter verifiable.
Get access to the machine before or after the election. The machines are almost always kept in insecure storage and shipped via insecure delivery.
Randomly change a number of votes each way each time you check the results. Change some votes for Kerry and some votes for Bush. Just weigh the cheating for your candidate. This way, you can't tell whether the cheating is a bug or malicious code.
This is great. (Score:3, Interesting)
Unfortunately, none of my buddies work on the voting software but man, oh man, is this gonna be fun.
I especially love the quote about "...incompetence and indicate that Diebold programmers simply don't know how to design a secure system." We've always had the friendly "our programmers are better than your programmers" competition but I guess it's obvious we win.
My e-voting experience last Tuesday (Score:4, Interesting)
Bullshit! (Score:5, Insightful)
I call bullshit!
I'm sure the Diebold people do understand security, very well. Security is their main business. Clearly, the absense of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absense of security is absolutely intentional.
These machines are designed, from the start, to rig elections.
Did anyone notice this part in the article? (Score:3, Interesting)
Re:Did anyone notice this part in the article? (Score:5, Interesting)
It makes sense, the state is awarding people for bringing things to their attention which save them money. A lot of employers engage in the same practice.
Good Description with Pics (Score:4, Informative)
Where's the NSA when you really need them? (Score:4, Insightful)
Someone isn't doing their job.
Mind you, maybe their Signals Intelligence Directorate will intercept this on the way to your servers in the US (I'm in the UK) and they'll take the piss out of the other Directorate until they can't stand the shame and get their fingers out their asses.
Not That Worrying (Score:4, Interesting)
Personal Anecdote:
My polling station got upgraded from the punch-out-the-chad-with-a-stylus system to a poke-the-spot-with-an-ink-stylus system between the last two elections.
My area is heavily Democratic. For efficiency's sake, the polling area has five carrels for Democrats, and two carrels for Republicans. As part of the semi-legendary radical socialist wing of the Republican party, I was waiting for one of the Republican carrels to open up. It was taking a long time, as an elderly Republican neighbor of mine was trying to vote. He complained to the polling place staff that the stylus was not poking out the chads. To demonstrate that it was OK, they pulled a blank ballot off the pad, stuck it in the machine, and stamped a few (possibly) random votes, and pulled it out to show him that the machine was, in fact, working. They then tossed the ballot away. (He was convinced they were trying to invalidate his vote, so he ended up punching each vote all the way through anyway).
But no-one batted an eye that they had just created an illegal ballot. When I called the election office to complain, they gave me a song and dance about how it would have been impossible for them to insert it into the ballot box without raising red flags, how the register would not match, etc. But they don't let you insert you ballot directly into the box yourself; you hand it to someone and you watch them put it into the box. It would be trivial to do a quick palming of one ballot and insertion of another.
With the last election being so close, it would only take a few votes per polling station to throw an election. Bruce Schneier calculated it out in a recent article in terms of cost per vote, and it was quite low. Sure, it would be more expensive and would involve more people to do it in the old-fashioned low-tech way than it would with Diebold's patented cheating system, but the difference is only a factor of two or so. Given the stakes in a national election, that's down in the noise.
So basically, you either have to trust the system and believe that people will not cheat in the election, or assume that cheating is ubiquitous regardless of the physical system used.
#cynicism on
OK: cynicism mode on
In other words, We The People are fucked, we have been fucked, and we will continue to be fucked.
#cynicism off
ERROR: Cynicism mode cannot be disabled.
Re:Password protection? (Score:3, Insightful)
-If an encrypted database were used, along with a strong password phrase and algorithm, there would be very little for anyone to hook into to reverse engineer the format.
-Getting root access on the Linux box is also
Re:diebold (Score:3, Informative)
"Thief old"
Re: "diebold" (German) == "theif old" (English) (Score:3, Funny)
I blew my mod points a while ago, hopefully someone else will be gracious to you (even though you did post as AC.)