U.S. Bars Lab From Testing E-Voting Machines

joshdick writes to point out a NYTimes story on the decertification of Ciber Inc. from testing electronic voting systems. It will come as a surprise to no-one here on Slashdot that experts say the deficiencies of the laboratory suggest that crucial features like the vote-counting software and security against hacking may not have been thoroughly tested on many machines now in use. From the article: "A laboratory that has tested most of the nation's electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests... The federal Election Assistance Commission made this decision last summer, but the problem was not disclosed then... Ciber... says it is fixing its problems and expects to gain certification soon."

Hacking Democracy anyone?

Never in a million years did I expect this to happen.

Re:

Not "hacking democracy," per se, merely concealing the fact that democracy can be hacked...

But why?

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

And not just replaced, but REPLACED RIGHT NOW with very little public input and negligible testing. Whenever I see such a huge rush to change something that's worked remarkably well for generations I get suspicious. When I see such a huge rush to change something that's worked for generations without any meaningful dialogue about whether it really should be done, I get even more suspicious.

When I see that same huge rush to change something upon which our Democracy depends, and that's been open to public scrutiny and has worked well for generations and replace it with some closed-source stuff that's not been sufficiently tested and the CEO of the company who provides said closed-source, easily hacked systems is also a major contributor to one of the political parties and who GUARANTEES DELIVERING A VICTORY TO THAT PARTY, I simply assume that the whole thing is pretty goddam crooked.

Re:But why?

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

It's really very simple. Paper records (such as ballots) are the evidence that can be used to verify the results of an election, or to prove when election rigging has occurred. If you want to rig elections without getting caught, it is essential that there be no evidence. Hence, the paper had to be eliminated from the process.

The only people who oppose paper ballots are the ones who want to rig elections.

Re:

"The only people who oppose paper ballots are the ones who want to rig elections."

Oh yeah because paper ballots were used so well to confirm the Florida elections in 2000 and sparking a constitutional crisis.

"Ooh lookee, it's half a punched chad... that's

Re:But why?

"Oh yeah because paper ballots were used so well to confirm the Florida elections in 2000 and sparking a constitutional crisis."

I consider paper ballots as where the person actually makes a mark with ink on a piece of paper, not some weird misconceived contraption where you punch holes in the paper with a poker. By that way of thinking even if the computer makes the actual mark you would still be calling it a paper ballot. Pen and paper, is it that inefficient that we are scrambling to get away from it?

Is it so hard to conceive of an imperfect world where people don't want to play by the rules, that election fraud is relegated to just another unfounded conspiracy theory in you mind?

I do think the motivations of some are very suspicious, but I think the motivations are probably more based on the desire to make money on voting equipment. That voting machines make election fraud easier and nearly undetectable maybe just a side benefit.

Oh and were those hanging chads really worse than a virtual electronic ballot? At least the malfunction in the system was detectable. In a computer, errors in programming or hardware, either intentional or not, would be somewhat abstracted from the final result. Personally, I would prefer that both I and the elected person know that there is some doubt as to the intentions of the electorate versus allowing a elected official to hold office without knowing that his or her election was the result of some funny business.

But yes, some people would rather live in a society without integrity where the conflicts and corruption is ignored for as long as possible. Short term peace at the expense of longer term integrity.

Re:But why?

Is it so hard to realize that the paper ballots/trails are just as susceptible to election fraud as electronic ballots such that electronic voting is just another unfounded conspiracy theory in your mind?

Yes, it is. Election fraud is much harder to pull off when it involves someone actually putting pen to paper. Logistics are important to election fraud because it has to involve as few people as possible and be very uncomplicated to assure success. Pressing a few buttons on a computer and having a voting history destroyed or writing a program that simulates vote casting is much easier and importantly could involve fewer people than physically creating individual frauds of paper ballots.

Oh well then, let me update my rant:

"This circle is half colored in. Obviously the voter intended to vote for my candidate."
"No, it's not completely filled in. Therefore this ballot is in error and doesn't count."
"This guy voted for Pat Buchanan, obviously his vote is incorrect."

Yes, the form of paper ballots matter. In my town we do well enough with having to connect an arrow with a magic marker. No it is not perfect and mistakes in "interpretation" could be made during a recount even asking people to make a clear mark. But the important thing is that there are clearly defined criteria for counting a vote that the average person can meet within a human margin of error.

My point to all this is that I voted in a county that had mechanical voting machines for nearly 50 years. They didn't have a paper trail. The only thing that was updated was a mechanical counter inside the machine that kept the tallies. These machines were opened during the day to check the counts (at which point they could also be tampered with) and at the end of the day these counts were read off and phoned to the central office then the counts were reset.

That would be just as bad as any other virtual ballot system, but I doubt you are describing the story in full. I too have voted on the machines with the little switches and the big lever, but I recall that there was also a roll of paper where a mark was made for each vote cast, which could be recounted if needed. I have nothing against this method, or for that matter computer ballots, as long as there is a physical record of the actual vote. What was lacking in the machine you describe, was a way for the voter to verify that the vote was recorded the way he or she voted.

What's the difference between the mechanical and the evoting ones? Ultimately nothing. Ultimately you have to trust the people running the system because otherwise Democracy means nothing because you don't trust your fellow man to properly vote or check your vote. I realize that's difficult when Bush is trying to orchestrate a coup to overthrow Democracy, especially after all those Diebold machines gave the vote to Republicans in this last mid-term election. But hey, that's how it goes.

The point is that you have to trust most people in a Democracy to do the right thing, but you can't trust everyone. The system must be designed so that individual corruption does not so easily corrupt the whole system. Computer balloting, especially without a voter verified paper trail, threatens this principal. In the past sure you could have a vast conspiracy involving hundreds of people strategically positioned at polling places to gum up the works in your opponents territory... so that what it took was a fairly elaborate dirty tricks outfit to steal an election. Now you have 5 or 10 people that know a thing or two about computers and find some vulnerability in the system and hack the election in a wholesale way.

Oh and it also becomes much more believable when the election machines stop working in a particularly busy district and the long lines reduce turnout and votes never even get cast. Much harder to justify those long turnout reducing lines when all someone needs is a pen and a surface to write on.

Though e

Re:

Punch card ballots may be subject to user error, such that there can be an election so close that it actually matters who the incompetent voters meant to vote for, and whether they did a good enough job in expressing that preference for their votes to coun

Re:

I guess you don't remember 2000's election.. a large part of the push for electronic voting machines (and the Help America Vote Act, aka HAVA) was claims that older systems were inaccessible or misleading. Southern Florida's butterfly ballots, locales wit

Re:

While I fully agree with you...what can we the citizens do about it? I guess our only hope is that the Democrats take them to task. Unfortunately they're politicians too so who knows if THAT will ever happen. And lets say we found evidence of tampering,

Re:

It's never been explained, to my satisfaction, why the use of paper ballots (or at least paper TRAILS), had to be replaced with the computer-voting machines.

And not just replaced, but REPLACED RIGHT NOW with very little public input and negligible testing.

Re:But why?

Only in the USA could a corporation's secrets be valued more highly than the Democratic Process.

Any voting system requires Universal Comprehensibility in order to be trustworthy. After all, how can you trust something that you cannot even understand? The use of Open Source Software is not enough: it restricts the set of people who can understand the system to competent programmers.

Elections should not depend upon any technology that is beyond the understanding of a school leaver with passing grades. Pencil, paper, slotted boxes, wire seals and hand-counting have been used successfully since democracy was first invented. Everybody can understand how they work -- and, just as crucially, all the potential failure modes.

What's more, using complex machinery doesn't change the failure modes, nor the need for vigilance. If the voting machines use a paper journal roll, someone still has to inspect each and every machine to make sure that the take-up spool is empty at the beginning of the election, and certify same by fitting a tamper-evident seal which prevents the machine from accepting votes. How is that any better than someone checking that each and every ballot box is empty, and sealing the slot with a tamper-evident seal?

Personal experience with Ciber

Having worked with Ciber before myself, I'm not surprised. They basically leech off government agencies foolish enough to hire them. They charge a lot of money to essentially tell government agencies what they want to hear (which, in this case was "The e-voting machines are fine"). Their actual research methodology is, shall we say, "suspect."

Re:

I forget whose dry wit you were paraphrasing there. Was it Menken or Barnum or goldwyn?

The real question

The real question is whether or not Ciber were following their procedures, but why they were not. There should be a full-scale investigation into things like, oh, maybe how much money has passed between Diebold and Ciber, and how much stock ownership Diebold has in Ciber and vice-versa. If you want to know why things happen the way the do, one merely needs to follow the money.

so its a problem of documentation

Basically they've been bared from approving new machines until they add a step to their test cycle called "fabricate documents". Unless officials are overseeing (actively watching) the testing process there is no way to determine which tests were run and passed and which tests simply were documented as passing.

WTF?

All the news about voting machines being buggy, insecure, etc. is just ridiculous! Am I missing something terribly complicated in the requirements for how these machines should function? For shits sake they are glorified vending machines! Push A1 and you get a Hershey chocolate bar and H5 gets you a bag of BBQ chips. Now just replace Hershey chocolate bar with candidate A and BBQ chips with candidate B. Seriously, WTF is going on with these things!

Re:

B7... DAMNIT! I wanted Skittles not the Republican...

Re:

WTF is going on is that when you push A1, you physically get a Hershey chocolate bar. With electronic voting machines, you get nada. Zilch. Nothing. Diddly squat. Oh, except for a little screen that says you voted for Candidate A, but how do you know?

Re:WTF?

Paper print out for voter's records, paper print out on a roll visible behind safety glass screen that the voter can verify which is archived for verification - its not difficult - shop tills (checkouts) have been doing the same thing for years.

Re:

The Sequoia electronic voting machines that some of the California precincts use can do this, but only after you've already cast your vote. Unfortunately, the ballots have so many items sometimes that you can't show all of the results in the same window wi

Re:

I wanted a candy bar which was "HH" so I hit H twice, and fuckin' potato chips came out! They had an "HH" button! Christ - you gotta let me know! I didn't learn my AA BB CC's god god dammit dammit.

Re:

I like when you reach into the vending machine to grab your candy bar, that flap goes up to block you from reaching up. That's a good invention. Before that, it was hard times for the vending machine owners. "What candy bar are you getting?" "That one, and

Re:

I wanna make a vending machine that sells vending machines... it'd have to be real fuckin' big!

Re:

I wouldn't be surprised if there was such a thing in second life...

If there ain't, it's my idea! Don't you dare to steal it! :)

Re:

You don't get karma from +1 funny as far as I know. But you're right, it was mitch's jokes not ours.

Re:

What happens if you press 5F like they always tell you not to? Does the machine name you as the landslide winner?

Re:

Down the hall from my office is a vending machine. The screen is fubar, and it is mostly empty. However every so often it gets restocked. The fun part is that if you start punching in random numbers it will start running the coils. The only reason ther

Re:

The problem is that those BBQ chips don't get billions and Hershey's get zip when you choose H5 instead of A1. Worse, you can immediately check whether the machine is actually doing what you want. If they want to trick you because they have a surplus of He

Title misleading

I'm sure theres nothing stopping them from testing the machines, what they've been prevented from doing is approving them.

And the net real-world effect will be...?

I wonder whether this decertification will cause anyone to wonder about the advisedness of using these very same voting machines in elections?

After all, we would not want to use untested electronic equipment in other crucial areas of life, like medical equipment. Why allow them to run/determine elections?

I expect this is why disclosure was delayed

Imagine if people filed lawsuits to stop or delay the elections this last time, to undertake a comprehensive review?

Bigger problem -- waterfall process

Even bigger than the immediate problems is the assumption that the waterfall method works for testing the correctness and security of software systems. Let's say that this testing organization finds a serious security problem with the already "finished" system, one that can't be quickly and easily fixed? What then? There will be huge pressure to force a quick fix in place. Instead, the security audit should happen in parallel with design and development, so security problems can be found and fixed closer to their commission.

Re:

No, what you are saying can work for internal validation, but here, we are talking about official certification.
1- it has a meaning only if it is performed on the exact system that will be delivered.
2- it absolutelly needs to be performed by an independant

Outsourcing certification makes no sense.

OK, the government should not be in the business of designing and manufacturing equipment.

But why outsource the certification of equipment? This is precisely the kind of task that a government bureaucracy is best suited for: you have a routine task that is done by established rules and procedures. It's hard to see how a private company could outperform a government agency at apply a set of standards with unforgiving rigidity. The problem with government processes is that even good people working in them (of which there are many) are hampered by the bureaucracy's rules and culture, which limit the scope of individual initiative and judgment. In this case it would be a good thing.

The hard thing in the whole process is creating the certification standards. Here there is considerable use for consultants from academia and business.

What this suggests to me is that there aren't really standards. It looks like they just took the whole mess and swept it under the rug, letting the vendors select a sham certification organization.

This is an abdication of an important responsibility the government has. Not just to ensure free and fair elections, but to make sure it spends our money responsibly.

What's the point?

People are up in arms about a company that does software QA work not following its own procedures when analyzing voting machines?

Why?

Irrespective of who gets elected, they're not going to act on your behalf anyway.

Sorry to be a bit cynical about this, but

even if they did test, it would be of minimal use

Almost all the required testing is about machine performance and durability. Very little of the testing has anything to do with hardware or software security.

Misleading headline

RTFA! Ciber is not banned from TESTING, but from certifying the machines as properly tested. This is due to Ciber not properly performing the tests, including completing the proper paperwork and observing the safeguards that ensure the tests are accurate. A better headline would be "Government Halts E-Voting Machine Certification - Testing is inadequate"

Sheesh. Come on /. Editors, you should at least *rad* the linked article you are posting and put a *proper* headline on it, rather than the misleading inflammatory crap that you used. KDawson proves yet again that he is an utter boob when it comes to editorial selection and headlines. Time to fire his ass.

Typo correction

"you should at least *rad* the linked "

And I should READ rather than just spellcheck my posts. "rad" apparently is a properly spelled word; LOL!

Re:

Ciber is not banned from TESTING, but from certifying the machines as properly tested.

That's like saying that if the government decided to quit allowing people to drive Fords, it wouldn't be banning Ford from making automobiles.

Explain why anyone would hav

Re:Misleading headline

His point isn't that Ciber will keep testing, it's that the /. headline has a negative bias to it; it makes it sound like the Government banned an independent organisation from looking at the machines, which seems corrupt, when actually they were acting to try to increase the stringency of the testing.

Smash them

If the machines and their code are still obfuscated by the next election then the machines should be destroyed.

If the government and it's anointed tools aren't up to the job then it's the duty of the citizens to take care of the problem. It's why we have the right to bear arms. It's why Thomas Jefferson's memorial has such pithy inscriptions. We sadly, currently, live in exactly the situation the founding fathers foresaw.

If the only effective protest is the destruction of the tools of misrepresentation, and if people are willing to die for their freedom and to protect their country and their constitution there shouldn't be any problem. We should fight the threats at home before exporting our expertise to damage others abroad at the behest of corrupt industries. Our politicians have been funded/emplaced by the very companies who seek to profit the most from a muddled vote. If voting is our one sure way of getting a message across then it needs the same kind of protection that the Constitution requires. It requires and demands the right of the citizenry to implement deadly force to secure it's own voice.

With the long lines and the availability of floors and blunt objects in polling places it shouldn't take more than an hour after polling facilities open to accomplish the task nation-wide.

And to all those citizens who think this isn't the solution, please reply with one that's rooted in reality, and not some "hugs and tea" fascimilie of reality.

Cheers.

Re:

And what next? You have to have more to your plan, no? If this happens across the country, National Guard (those who are left in this country) and police with M16s will pour out into the streets and massive beatings and riots will ensue. So what is the

Re:

What more does there need to be than for a group of patriotic citizens at every polling place to do what they must?

We are supposed to have a proud history of resistance in this country to injustice and control.

As always, the number of citizens greatly outn

Hugs and tea

and not some "hugs and tea" fascimilie of reality.

Actually, I think that something along the lines of "Boston Tea Party [wikipedia.org]" might be appropriate in this situation. It's time to stand up for what is right, people!

Re:

Do as they do in other countries. March on Washington. With 5 or 10 million people campled around your capital and the eyes of the
world looking on you can reclaim a government of the people by the people.

Millions worldwide marched in protest of the Iraq wa

Secure tallying

With all of the problems of e-voting, and the lesser problems of paper ballot voting, I think it has become obvious that what we need is secure tallying, not secure voting. We're pretty good at getting people to properly mark up a ballot, hanging chads not

Canadian Voting System

I used to be ashamed of our technology on election day, but in light of news over the past several years, it really does seem to be effective. Paper, golf pencil, large 'X', thousands of volunteers to do the counting. Nothing to explain to voters, no fear

This is heading for a serious problem

And that's quite like the problem some of the ... let's say less democratic states were and are in: If you can't trust the way your government came into power, you will not trust your government. If you don't trust your government, you will not support it.

What about one-time write ROM's?

I've heard the debate go both ways about the pros and cons of electronic voting systems vs traditional ballots. Of course, each has their vulnerabilities.

If electronic voting machine developers are so bent on eliminating the paper trail, what about an e