Ohio Audit Reveals More Diebold Problems 222
armb writes with a link to a Wired Blog entry about irregularities found in Diebold databases from the state of Ohio. The election in question here is November 2006, and the corruption of the entries may raise doubts about accurate tabulations. "Vote totals in two separate databases that should have been identical had different totals. Although Diebold explained that this was part of the system design for separate vote tables to get updated at different times during the tabulation process, the team questioned the wisdom of a design that creates non-identical vote totals. Tables in the database contained elements that were missing date and time stamps that would indicate when information was entered. Entries that did have date/time stamps showed a January 1, 1970 date. The database is built from Microsoft's Jet database engine. The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night when results are uploaded and various servers are interacting with the database simultaneously."
Jet (Score:5, Insightful)
JET?? (Score:5, Insightful)
Re:I don't know anything about databases (Score:5, Insightful)
Re:I don't know anything about databases (Score:3, Insightful)
1000?!?!? (Score:2, Insightful)
Jet is fine for what it is, but like any other tool it has a proper purpose and should not be mis-used.
I don't know the specifics of the Diebold stuff, it would seem to me though if you had one Jet DB on each machine along with a proper upload tool it should work just fine.... at the same time if I was building a voting machine process from scratch I wouldn't think of using it.
fwiw. ymmv.
Re:I don't know anything about databases (Score:3, Insightful)
I bet it doesn't. It's really more of a single-user database engine. It's nice for redistributing with a single user application, but not appropriate in a network setting. Makes you wonder if they (Diebold) just didn't have anyone with any multi-user database experience.
Don't ATMs access databases too? (Score:5, Insightful)
--
Vote with your roof! http://mdsolar.blogspot.com/2007/01/slashdot-user
I was going to ask for the hahaha tag, but (Score:4, Insightful)
So... (Score:4, Insightful)
Seriously, I dont care if the errors caused changed the outcome or not, its fairly clear that they failed, in the worst possible way, to maintain the level of creditability needed for a damn election. This isn't a "oops, my bad" This should be a federal offence with manditory jail time.
No system is perfect, but come on, JET!? Might as well have the vote counted in diffrent states by the party currently in power, would be just as accurate.
can't believe they're still used (Score:2, Insightful)
I do understand why Republicans get so defensive about this,but these machines have to GO.
The
Re:Problem-free election? (Score:5, Insightful)
In point of fact, there is a difference between "requiring perfection" and "avoiding obvious incompetence". Just, y'know, for future reference.
Re:I don't know anything about databases (Score:5, Insightful)
2 databases?!? (Score:5, Insightful)
Not only would I fire his ass, but I'd make sure to press criminal charges of fraud. Why are these creeps from Diebold, Sequoia, ES&S, et. all not in prison yet?
Diebold makes ATMs; don't tell me that they can't get something as simple as a vote database right. Occam's Razor points to outright fraud, not to simple incompetence.
Oh yes (Score:3, Insightful)
Re:Problem-free election? (Score:3, Insightful)
What always amazes me (Score:2, Insightful)
Voting machines need to be an open-source project anyway. We ALL need to know what's going on in those things.
Re:Problem-free election? (Score:4, Insightful)
Mob, Press and Documentary video TV accusations do not constitute legitimate evidence unless they have facts to back up their claims (not saying they don't).
Guilt by association is one Logical Fallacy which is throw around a lot these days.
Re:Don't ATMs access databases too? (Score:5, Insightful)
The things that went wrong with ATMs were both funny and scary. I have no reason to believe things have changed. The banks and manufacturers go to great lengths to satisfy customers without letting details of the problems get out, because this would undermine confidence in the devices.
With ATMs, if you're smart, you have a slip of paper to verify a transaction. If there's a dispute with the bank, the bank will usually honor the paper documentation, and the customer has no reason to make an issue of the problem.
With voting, there's no going back and fixing results after the fact. Often there's no piece of paper. And on top of that, the whole process is under fairly intense public and governmental scrutiny.
So I wouldn't say there are less problems with ATMs. You just don't hear about them.
Re:I smell fud (Score:5, Insightful)
2. There's a known data corruption issue in the engine caused by concurrent activity
A reasonable conclusion is that the programmers were idiots and wrote an non-thread safe application with multiple threads. Another conclusion would be they intentionally attempted to fix the election. Incompetence before dishonest is the usual way to approach those things...
Re:Problem-free election? (Score:3, Insightful)
Coincidence? Gee, I wonder...
Audits can be done using real database engines (Score:3, Insightful)
Which is why when explaining a result matters, you use a real database engine, not something like jet, which is simply a library to maintain indexed files.
Re:Jet (Score:5, Insightful)
If you wanted to make an insecure system that was easy to hack and manipulate, didn't have basic security features, data integrity, and no audit trail, and thus no record of how data was altered outside of specifications, you might use such a deprecated application.
the winner of the 2008 presidential election is.. (Score:2, Insightful)
Re:I don't know anything about databases (Score:3, Insightful)
I think the term you are looking for is gross incompetence.
Maybe they're trying to convince people that even if they wanted to rig the election, they're too stupid to do it properly?
I have bad news for you... (Score:3, Insightful)
The JET engine is not the real problem... (Score:3, Insightful)
Back in 1995 I came in touch with the JET engine for the first time. It was used in a database application for a commercial aircraft carrier (!) Databases were corrupt all the times. It was obvious that the technology was a mess. At that time, much better alternatives were available for a little more $$. Hence I could not understand why anyone would spend time and money with such broken technology.
Now we see the use of this technology again, and in an application that is crucial to the future of the U.S and to the future of many other countries... the same mistakes are being made again.
But that is not the real problem. Yes, we know that electronic voting machine manufacturers have a long record of being lazy, careless, and incompetent. The actual problem is with the opinion of the decision makers in the administration and with the opinion of the public. Information technology is widely accepted as a means to make collecting, sorting, and counting, of numbers, names, addresses, etc. more reliable and more efficient. So why not use it also to collect and to count voter ballots?
There is this subtle difference between paper and electronic storage. If you write something on a paper or make a hole, then it will be very difficult and time-consuming to remove the writing or the hole. In any case, too much work to alter ballots in significant numbers! And, if you still do, you leave a trace to be discovered by the forensic experts. In contrast, the information stored on a hard disk, in a flash ram, or transferred via network, can be altered very quickly and, if done well, without leaving any trace. Hence it is by nature that electronic voting machines are insecure and unreliable.
Badly designed and badly implemented electronic voting machines just add up to the insecurity and the lack of reliability that this technology has by its virtue. On the other hand, measures like paper audit trails are certainly very helpful, but these are mere attempts to improve a technology that is bad from the outset.
Looking at people's difficulties in understanding and dealing with today's computer security threats, I guess that it will take a lot of time until the aforementioned difference is in the heads of majority of the public and of those involved in the voting process. In the meantime, we will have many more "voting machine news": For every major election where electronic voting machines will be used, there will be stories about malfunctioning machines, missing audit trails, about elections being stolen, and so on. This is the wrong approach to "strengthen the democratic tradition".
My credo is that running a democracy has a prize that is called "counting by hand".
Re:Jet (Score:3, Insightful)
These guys are much smarter than you think (Score:1, Insightful)
Look at it this way: If you are planning to engage in high-profile, widespread illegal activity, why not make it difficult to trace the crime? By creating multiple ways that the data can corrupt itself - poor choice of database, drivers, security, etc. - there is now so much white noise that it is far more difficult to prove malice.
They figure someone will realize the numbers are wrong, but now try proving that it was a conspiracy. It is much more difficult to find exactly where the numbers were changed a) on purpose and b) by the same consistent source with so many other discrepancies clouding it over.
No, it isn't (Score:3, Insightful)
You are incorrect on both counts.
First, if something is "mission critical" do you entrust it to people who have no idea of the necessary details, or will just use a default position to produce the end result as opposed to careful thought and analysis? No.
Perhaps you don't understand what "mission critical" means. I'll clue you in a bit. Take a look at the Space Shuttle. See those massive engines? Those are mission critical. If they fail so does the mission.
Does the country continue to operate if voting fails? Yes. Every election has had issues with voting. Every election from the beginning has had counting issues, validity of the voter issues, etc.. Yet the *Republic* marches on (though it is becoming more of a democracy - yes that's a bad thing). The troops still fight, stupid laws still get passed, political games still occur, the courts still continue functioning, ambassadors still do their jobs, the IRS still siphons the results of your work from your paycheck, the cops still arrest people, the people still work, shop, and generally live their lives, and so on.
Now that said, it does not mean voting shouldn't be taken seriously. But to say it is mission critical is to say something that isn't true.
Why do companies like Diebold not take voting seriously? The people don't. To paraphrase "K" a bit, a person may take voting seriously but the people do not. When you have a large portion of the voters who vote on "single-issue" or party-line they are not taking it seriously. When people go in and punch votes that they didn't research, they aren't taking it seriously. When people are given the choice of evils, the decision is generally not taken seriously.
The candidates and lawmakers don't take voting seriously either. If they did they wouldn't put all manner of blocks in the way of political speech. They also would not make laws to "protect" us from stupidity. They act as if we are stupid except for that short moment of casting a vote - for them. Hell look at all the accusations by the Gore-siders when Bush was elected: the other voters were stupid.
You want voting to be taken seriously? Give us a "none of the above" option. How does it work? Simple: if NOTA "wins" all who were on the ballot are barred from the next election, and it is held 90 days from the first. If NOTA still wins, the office goes vacant until the next election. Clearly nobody was able to fit the bill so nobody sits in the office. If the office goes a couple cycles w/o a victor, dissolve it wherever not constitutionally required.
Another option: Require a majority. Not just a majority of voters, but a full-on majority of citizens. Most elections (in the US at least) don't require a majority, just a plurality (yes that means less than half of the votes can still win - as Clinton did) of the votes cast. Consider the whole of the adult citizenry the body, and in order to have a solid vote mandate that votes of more than half of the citizenry are required to be voted in.
Right now if a third of those eligible vote, and half of them vote for one guy you've got about 1/6th of the population voting someone into office. Where a majority is not required, the numbers can drop down to 20% of votes cast which in the above example would mean what, 1/30th of the population?
Do the same thing for all issues in front of the voters. Bond issues, levies, tax raises, initiatives, etc..
Voting is marginalized by the government (which has a vested interest in doing so), by the voters (who do not do "due diligence"), and by the candidates (who know they don't really need a majority of people, just a plurality of those who hauled their asses down to teh voting station or sent their mail-in ballot in). Something so heavily marginalized can not be mission critical.
Yes, the
Re:I don't know anything about databases (Score:2, Insightful)
Re:I don't know anything about databases (Score:2, Insightful)
Re:I don't know anything about databases (Score:2, Insightful)
More advanced that PostgreSQL? Hardly! Especially versions before SQL 2005. MS SQL still used row locking for updates until 2005, which meant it was horrible under load and impossible to scale to high levels of concurrency. Oracle and PostgreSQL both used MVCC since the very beginning and never suffered from such problems. PostgreSQL added transaction log shipping for backup / hot spare situations with its 8.0 release. MS added that feature 8 months later. I've used all 3 databases quite extensively and could ramble on for a while about the mess of built-in stored procedures in SQL server, lack of UTF-8 support, defaulting to case-insensitive queries, the lack of extensible authentication methods, and so on.
The other downside of SQL 2005 is that it embeds a bunch of unneeded junk, such as the
It has nothing to do with the Microsoft name. It wouldn't matter if it were still called Sybase, it simply doesn't measure up against the competition in the medium-to-high end space. It's all right for low-to-medium end applications (the stuff most people unfortunately use Access databases for), but I certainly wouldn't use it to track Russian nuclear weapons. I'd put PostgreSQL as solid medium contender.