Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

CA Proposes Rigorous Voting Machine Testing

Posted by kdawson on Thu Mar 29, 2007 12:20 PM
from the red-five-standing-by dept.
Government United States Politics
christian.einfeldt writes "During her successful campaign for California Secretary of State, newly-minted California Elections Czar Debra Bowen spoke repeatedly of the need to use free open source software in voting machines to ensure the integrity of California's elections. Now that Secretary Bowen is acting on that campaign pledge, closed-source voting machine vendor Diebold worries aloud that rejecting its black-box voting machines could snarl California's elections. Diebold's concerns come at the same time that it is suing Massachusetts for declining to purchase those same voting machines." Quoting: "California's elections chief is proposing the toughest standards for voting systems in the country, so tough that they could [have the result of banishing] ATM-like touch-screen voting machines from the state. For the first time, California is demanding the right to try hacking every voting machine with 'red teams' of computer experts and to study the software inside the machines, line-by-line, for security holes."
+ -
story

Related Stories

[+] Diebold to Withdraw from E-Voting? 329 comments
ICA writes "It appears after years of criticism, Diebold may be ready to withdraw from electronic voting entirely. The company is concerned that this relatively small and marginally profitable unit is hurting the company's overall image."
[+] Your Rights Online: Diebold Sues Massachusetts for "Wrongful Purchase" 422 comments
elBart0 writes "Diebold has decided to sue the commonwealth of Massachusetts for choosing a competitor to provide voting machines for the disabled. Diebold wants to force the state to stop using the machines immediately, despite the upcoming municipal elections in many towns. The commonwealth chose the competitor based on an open process that included disabled groups. Diebold executives appeared confused when encountering election officials who made an intelligent choice."
[+] IT: California to Start Review of Voting Machines 154 comments
An anonymous reader writes "California Secretary of State Debra Bowen just announced details about the previously discussed 'top-to-bottom review' of almost all voting and counting systems used in the state. The team features big names in e-voting security: David Wagner, Matt Bishop, Ed Felten, Matt Blaze, and Harri Hursti, among others. Vendors have time to submit their machines including documentation and source code until July 1st or face severe restrictions, including decertification, for the 2008 elections. Scheduled to start next week, the review will include a red-team attack and going through the source code."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

CA Proposes Rigorous Voting Machine Testing 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • novel idea (Score:5, Insightful)

    by gEvil (beta) (945888) on Thursday March 29 2007, @12:22PM (#18529655)
    Thoroughly test the voting machines before deploying them? Wow! Why didn't I think of that?

    • Re:novel idea (Score:5, Insightful)

      by TheMeuge (645043) on Thursday March 29 2007, @12:29PM (#18529755) Homepage
      I smell a "Diebold sues California" /. headline coming.

      • Re:novel idea (Score:5, Interesting)

        by Chris Burke (6130) on Thursday March 29 2007, @01:32PM (#18530631) Homepage
        I can't for the life of me understand why California even considers doing business with Diebold any more.

        Shouldn't the list of requirements for Calfornia's voting machine aquisitions have a clause about "Company should not have repeatedly lied to California legislators, covered up known flaws, nor violated deployment policies by modifying units in the field without validation of those modifications"?

        Diebold has been in trouble with California before. The fact that they can continue to even try to offer voting machines in that state kinda surprises me.

    • Re: (Score:3, Interesting)

      by avronius (689343) *
      Here's a complete solution:

      1. Create software for electronic voting. Use pictures of candidates (and their names, of coz').
      2. Add a printing plugin that spits out a little chit with the picture of the candidate that the voter selected, as well as a bar code that includes the name of the candidate.
      3. Place chit in voting box for validation if required - used in case recounts are requested.
      4. Profit!!!
      • Use pictures of candidates (and their names, of coz').

        A picture of the candidate and the names of their cousins?

  • Oh, California (Score:5, Funny)

    by $RANDOMLUSER (804576) on Thursday March 29 2007, @12:23PM (#18529681)
    I thought I read "Computer Associates Proposes Rigorous Voting Machine Testing", and my head started to hurt.

  • Good idea (Score:4, Funny)

    by UbuntuDupe (970646) * on Thursday March 29 2007, @12:24PM (#18529693) Journal
    I agree with this proposal. They need to double -- perhaps, triple -- check to make sure the code works as intended.

    But I also think CA has been otherwise prudent. For example, using Diebold instead of volunteer open source code. I mean, how can they afford all the volunteer labor?

      • Re:Good idea (Score:4, Insightful)

        by Coryoth (254751) on Thursday March 29 2007, @01:49PM (#18530941) Homepage Journal

        The next step would be to check and make sure that the intention the code works with is the intention the people desire.
        And this is why formal specification should be used. It provides a middle tier between implementation code, and English language specification. Verifying that the code properly implements the formal specification can be done programatically and independently quite easily. In turn, validating the formal specification, by comparing it to the peoples desires in terms of a English language set of requirements is easier than trying to compare coed to the requirements, since it is only intentions that are formally defined, with no issues of implementation to complicate the matter. Stating your intentions in an unambiguous way, via formal specification, ought to be an obvious first step for anything where the need for assurance is as high as it with electronic voting.

  • One principal of a democracy (Score:4, Insightful)

    by saibot834 (1061528) on Thursday March 29 2007, @12:24PM (#18529695) Homepage
    One principal of a democracy is that everyone can verify the counting of votes.

    Now unless you teach everyone how to program I don't see how you can preserve this principal.

    • Funny thing (Score:5, Insightful)

      by WindBourne (631190) on Thursday March 29 2007, @12:37PM (#18529875) Journal
      is that we seem to keep learning and re-learning that lesson. Back in the 1960 election, there was a lot of evidence that indicated that kennedy won chicago by having the dems cheat. Many systems were put in place to prevent that cheating. Now, with the new current system, the evidence is even more overwhelming and yet, we are back to trying to prevent cheating. In particular, it appears that Ohio, Florida, and even texas had massive amounts of voter fraud during the last couple of elections. I guess that our society will be doomed to re-living the same problems over and over as long as we have politicians like rove ( and the dem == before).

  • Unaccaptable failure rate? (Score:5, Insightful)

    by Firethorn (177587) on Thursday March 29 2007, @12:26PM (#18529717) Homepage Journal
    31 machines out of 340 districts? How many were in each district?

    Heck, from what I've read, they've had problems with more than 10% of the diebold machines.

    At least with an automark type system you still have the paper ballots to fall back on, even if a voter might require assistance to fill it out.

    When a diebold type device malfunctions you have the potential for lost and/or erronous vote information, not to mention that NO votes can be taken.

  • e-voting must be as strong as paper (Score:5, Insightful)

    by davidwr (791652) on Thursday March 29 2007, @12:32PM (#18529801) Homepage Journal
    Properly monitored paper ballot voting system is about as good as you can get for the average person. It's main weakness is that it's not private for people who cannot see or read the language of the ballot and for people who cannot mark the ballot for whatever reason. The fact that you must go to a voting station rather than voting from home is also a disadvantage.

    Any replacement system must preserve the strengths of a paper ballot.

    This means
    • Open specifications
    • validation and verification of all equipment and procedures concerning the vote


    In practice, this means the voting hardware and software must be open to public inspection. The same goes for the procedures used by voting officials.

    It also means to the extent possible, the entire process must be observed by interested and neutral parties. Obviously the actual voting must be done in secret but anything that doesn't reveal an individual's vote should be observed. Those things that cannot be easily observed, such as actual electronic count, must be repeatable by another method, such as a hand-count, with the same results.
    • Right. And that's why I keep saying that if you want to know what I think is the approach, it's touch screens with Open Source software/firmware with a paper receipt trail. This allows for the accuracy of electronic counting with a paper backup -- if the paper doesn't match the electronic count, then the software either has bugs or has been tampered with (or there are forged paper ballots, but that's easily countered). Either way, the software can be reviewed by independent computer experts to determine

  • Mass Diebold request blocked (Score:5, Informative)

    by mdsolar (1045926) on Thursday March 29 2007, @12:38PM (#18529885) Homepage Journal
    The request by Diebold to block Massachusetts from buying from another vendor was blocked: http://computerworld.com/action/article.do?command =viewArticleBasic&taxonomyName=hardware&articleId= 9014518&taxonomyId=12&intsrc=kc_top [computerworld.com]
    --
    The proper use of a silicon ballot: http://mdsolar.blogspot.com/2007/01/slashdot-users -selling-solar.html [blogspot.com]

  • What we need is a slot machine... (Score:4, Insightful)

    by Anonymous Coward on Thursday March 29 2007, @12:55PM (#18530111)
    Any electronic voting machines should be regulated to at least the same level as a slot machine. But for some reason we apparently believe that handling the $20 dollars we want to gamble in a casino is more important than the results of an election.

    A casino would never field a slot machine (even a 1c machine) that was as insecure as a Diebold voting machine.

    The security model for a slot machine is rock solid. The hardware and software (source included) must be submitted and approved by each jurisdiction. The security model ensures that if even one bit in the software has been corrupted, the machine ceases to function. The cash-in and payout of each machine is redundantly logged. The machines are completely power tolerant, meaning you can cut the power at any time; when the power is restored the machine will come back up in exactly the same state that it was in before power loss. The machine can print tickets (for a paper trail), as well as talk securely over a network.

    Basically, all the requirements we'd like to see in a voting machine are the same that a slot machine already conforms to. There's no reason to re-invent the wheel here, most of the work has already been done.

  • Treason (Score:3, Insightful)

    by loftling (574538) on Thursday March 29 2007, @01:13PM (#18530391)
    I think that attorneys for the government should be able to demand to see source code for all the machines already deployed. If source cannot be produced (or it does not compile to the same machine code present on the voting machines) then those responsible should be rounded up and tried for treason. Seriously: at no point should *anything* related to how these machines tally votes have been regarded as a secret: that's simply not how voting works in the US.

    I believe that California shouldn't have to demand transparency, I think that we citizens have implicitly expected transparency all along.

    Donate to the Open Voting Consortium [openvotingconsortium.org], they've been working with Debra Bowen and many others to fix the system.

  • This should be so simple... (Score:4, Interesting)

    by dostojevski78 (1004267) on Thursday March 29 2007, @01:24PM (#18530545)
    It amazes me that the US can't get their elections done right. They have the technology to power the worlds most important financial systems, to pilote a drone on the other side of the world and beat any given human in a game of chess. WHY THE ##CK haven't they managed to come up with a voting system that's rock solid, transparent, secure and dependable?!? Why is that even a hard thing to do?

    Heck, I think even _I_ could design such a system:

    - Buy a standard issue PC with a standard issue laserprinter
    - Make a simple voting program
    - Give every voter a Live CD with a unique hard coded serial.
    - The CD is inserted under the supervision of election workers, and the PC is booted up.
    - The voters goes behind the curtain where they find a screen, a mouse and a printer.
    - The voter casts his/her wote. The vote and the unique ID is stored on the local HD, and two coppies is printed out on paper.
    - The voter comes out, ejects the CD AND KEEPS IT, and puts one paper vote in a ballot box. Keeps the other copy.
    - The computer is powered down before the next vote.

    This way one can always check the DB against the paper ballots afterwords. AND: Every citizen who thinks the election has been tampered with can A: Review the software on their CD. B: Check the official "election website", punch in the unique ID from the CD/paper coppy and verify that it's registered correctly.

    This is not complex, this is not expensive, this is not difficult, and as far as I can see; this is practicaly fool proof given a certain degree of random manual chek of wotes. (To eliminate the factor involving electorial workers doing nasty stuff to the PCs etc.)

    Or am I over looking something here...?

  • Nice to see (Score:5, Interesting)

    by frenchs (42465) on Thursday March 29 2007, @01:38PM (#18530719) Homepage
    This issue is actually the very reason this woman got my vote in the last election. I'm glad to see she is holding to her promises. We definitely need more politicians to do this. She, unlike a large number of politicians, seems to have a reasonable grasp on the internets and tech as a whole.

    http://www.ss.ca.gov/executive/bio.htm [ca.gov]

  • How hard can it be to program a voting machine? (Score:4, Interesting)

    by Peter Trepan (572016) on Thursday March 29 2007, @01:57PM (#18531083)

    They just take votes and record them. The only remotely novel programming problem should be the security, and they don't appear to have implemented any! How can these machines keep screwing up when ATMs keep on not screwing up?

    I'm not a computer scientist, but I know many of you are. Is there some hidden level of difficulty here? Some reason why making voting machines should be such a challenge for Diebold?

    • Re: (Score:3, Insightful)

      by One Louder (595430)
      It's a shame you never saw any part of California besides Los Angeles.
    • I don't see this being a problem with California, per se. I'd say it was more a problem of large corporations. Economy of scale is a great thing. But when a company reaches the 'counting drops of solder to close the barrel' stage, a lot of individual choice type options might vanish.

      And, wait... are you complaining that your car has stricter emissions standards? I'm certainly not, living in the second-most smog infested state in the US. If it weren't for CA emissions being standard on so many vehicl

        • Re:As much as I dislike CA.... (Score:4, Interesting)

          by Chmcginn (201645) on Thursday March 29 2007, @12:59PM (#18530165) Journal

          Car companies are far more likely to decide simply to not sell cars in CT than CA.

          Many car companies might, this is true. But I'd be willing to bet that some car companies would make it an option, albiet an expensive one.

          So CA gets to decide what level is correct, and all the other states have to go along for the ride.

          As other posters have pointed out, there are cars sold that don't meet the CA standard. There's packages of solder that don't contain the "This product blah blah state of California blah blah" label. The point is, CA is deciding what's best for it, not for anyone else. It's not their fault if many large companies go along for the ride.

    • Re: (Score:3, Insightful)

      by gurps_npc (621217)
      Detroit and Japan continue to make cars that do not meet California emissions tests.

      The fact that you bought such a care tells me that you looked at the cars that did not meet the California emissions tests and said "No thank you".

      What probably happened is that the majority of the people in the country with needs similar to yours thought that cars should meet California's tests. The few people that did not want the cleaner cars had different needs then you did.

      You don't have a beef with California, you

    • Re: (Score:3, Insightful)

      by drinkypoo (153816)

      My car has "California" emissions and I live in Connecticut. This is just one example of how California mandates things for the rest of the country.

      Interestingly, I can purchase a car in Connecticut, drive it to California, register it, and pass a smog check.

      Vehicles with California emissions and vehicles without are smogged to different specifications, even here in California.

      The restriction only requires new cars sold in California to conform to different standards.

      In California, they make you label e

    • Re:Good (Score:5, Funny)

      by Random BedHead Ed (602081) on Thursday March 29 2007, @12:47PM (#18530013) Homepage Journal

      I'm shocked. Deibold generally tries very hard to avoid the appearance of bias or impropriety, and they offer quality e-voting products that they strive to improve in response to much-appreciated constructive criticism from the community. Whenever they fix an issue with their products, like the closed-source software or the easily-copied security key, they are quick to get the updates out and always thank the community for helping them to improve their products. Their recent suit against Massachusetts has given them a serious PR boost with other states. So yes, their response to this move really surprises me.

      (Sorry if your sarcasm gland is asploding.)

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.