Diebold Rebrands What No One Wants 175
Irvu writes "Diebold has apparently failed in their bid to sell their tainted elections systems unit. Unable to find a buyer the CEO of Diebold promised that the system will be run more 'openly and independently.' To prove that they are serious, they renamed it. Diebold Election Systems is now Premiere Election Solutions. They still sell GEMS, AccuVote OS and the ever-unpopular AccuVote-TSX which performed so disastrously in California's Top-to-Bottom Review under the same names. Apparently their rebranding effort only goes so far."
Why can't they have the people who make there ATMs (Score:3, Interesting)
I smell a business opportunity here... (Score:3, Interesting)
At a crossroads like this, an OSS company could just step right in and take over the whole election software market. If some OSS platform were successful here, there'd be no competition from closed source platforms after that. OSS voting forever after. I know that "open" means never having to rely on a single source (if you don't want to), but a great hardware solution coupled with all open source code would make one (or a few) companies really pop.
I have not been looking too hard for OSS voting machines myself, so maybe they're already out there. In that case, they just need some PR so that they're visible to the general population.
Redhat? Ubuntu? Where are you?... Here's your opportunity...
Who's Behind The Curtains? (Score:5, Interesting)
by Bob Fitrakis.
Link: http://www.commondreams.org/views04/0225-05.htm [commondreams.org]
More: " (Bev) Harris writes that the hacked documents expose how the mainstream media reversed their call projecting Al Gore as winner of Florida after someone subtracted 16,022 votes from Al Gore, and in still some undefined way, added 4000 erroneous votes to George W. Bush. Hours later, the votes were returned. One memo from Lana Hires of Global Election Systems, now Diebold, reads: I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16,022 [votes] when it was uploaded. Another hacked internal memo, written by Talbot Iredale, Senior VP of Research and Development for Diebold Election Systems, documents unauthorized replacement votes in Volusia County.
Harris also uncovered a revealing 87-page CBS news report and noted, According to CBS documents, the erroneous 20,000 votes in Volusia was directly responsible to calling the election for Bush. The first person to call the election for Bush was Fox election analyst John Ellis, who had the advantage of conferring with his prominent cousins George W. Bush and Florida Governor Jeb Bush."
And: "Documents illustrate that the Reagan and Bush administration supported computer manipulation in both Noriegas rise to power in Panama and in Marcos attempt to retain power in the Philippines."
Two words: crooked casino.
Re:I smell a business opportunity here... (Score:3, Interesting)
Yep, it's been used over here, and runs on Linux live CDs. http://www.softimp.com.au/evacs/index.html [softimp.com.au]
There's a Wired article here: http://www.wired.com/techbiz/media/news/2003/11/61 045 [wired.com]
Re:I smell a business opportunity here... (Score:5, Interesting)
Another group of companies who are ideally positioned to benefit from this are gaming machine manufacturers. In fact, since ATMs probably aren't as open to government scrutiny and regulation as your average video poker machine is, the gaming machine manufacturing industry is probably *better* positioned to comply with government regulation and produce a tamper-resistant system than Diebold is, and could probably fairly easily adapt one of their gaming platforms to the purpose - you sign in, you get a card to insert in the machine (good for one "voting credit"), you make and review your choices, you collect the machine-punched verification card and "voting card" and deposit both in the appropriate boxes on the way out (with the punched "ballot paper" really only being for verification and tamper-control purposes). Forget the privacy concerns - the voting cards needn't be traceable to any particular individual, and could be constantly re-coded with one-time-use "voting-credit-numbers" as they're recycled during the course of the day - and since the paper electoral rolls won't have timestamps on them, there'll be no way to tie the time of use of a particular voting-credit to a particular voter. To me, this almost seems natural and self-evident, and I'd be very surprised if there weren't gaming companies considering either doing this themselves or spinning off subsidiaries to do this themselves.
Re:voting machines are unfit for public voting (Score:2, Interesting)
Actually, you aren't even guaranteed the right to vote , let alone your vote be kept secret
Believe it or not, the U.S. constitution allows government to deny your right to vote, as long as it is not based on your race or slave status.
There have been numerous amendments since (such as women's right to vote), but you're still not guaranteed an irrefutable right to. For example, Texas law denies the right to vote to the 'mentally disabled' and incarcerated criminals. It would be very easy for public officials to repress our ability to vote, if they collectively chose to debilitate the U.S. public. Just a thought.
And of course... (Score:2, Interesting)
Re:Why can't they have the people who make there A (Score:4, Interesting)
Independent review (of the leaked source code) concluded that the code base was of shockingly low quality, lacking in many basic principles of secure and defensive design, most likely written by programmers with very little training. Unfortunately this didn't stop it from being election-ready certified, which I imagine is where the real value was for Diebold.
Unfortunately, as any decent coder knows, a huge mess of spaghetti code is nearly impossible to fix short of a complete rewrite, which is probably why the system hasn't gotten any better since then.
Re:This was not intended to get voting machines ba (Score:3, Interesting)
Long ago, people were scared of "NutraSweet" because of some series of news stories and bad press. So they took the label off of the foods that contain it... just the label though. It's still there. Just look for "aspartame" in the ingredients list.
Not that easy (Score:4, Interesting)
Second, an ATM is, by and large, just a slightly more secure terminal to the bank's central computers. It's not the ATM that authorizes your transaction, or transfers the money. It's just a terminal that's networked with a central system. So it's slightly easier to get things right.
With voting machines, the whole assumption that it must be anonymous, plus the bigger distrust of a single central station that counts everything, screw that assumption up big time. You can't go and transmit "Moraelin voted for the German Anarchistic Pogo Party" (I didn't, but for an easily rememberable example sake) over to other computers.
Third, the various kinds of bank terminals get numbers wrong more often than you'd think. E.g., the Deutsche Bank fairly recently introduced OCR machines where you can just shove the check in and have it read, so you don't have to type it all. Well, one of the damn machines didn't read the decimal point, so I ended up transferring 100 years worth of fee to my insurance.
The bank will help you solve such problems, but never claimed that it's 100% bullet-proof and more infallible than the pope.
Fourth, banks (if their central software is anywhere near well written) have other checks and safeguards.
E.g., every cent transferred must be a cent that comes from somewhere else. Even if someone maliciously manipulated the software or the database, you have a chance to catch it. If at the end of the month you do the totals and you have money that appeared out of nowhere, or disappeared into nowhere, you can start an investigation.
Plus it can catch erroneous transfers in the first place. For example my erroneous money transfer should have bounced from the start because most sane people don't have that kind of money in their personal day-to-day account.
E.g., similarly all the money moves must be accompanied by an entry in the transaction table. If someone's account grew by a million, but the transactions to that account don't add up to +1,000,000$, you can call the cops.
E.g., you can have other triggers, regardless of whether the transaction is correct or not.
For example, any incoming money transfer over, say, 10,000$ will automatically trigger an investigation. Ditto if someone suddenly starts getting lots and lots of little transactions. That's mostly against money laundering, but would also catch any error where a bunch of money appears out of nowhere.
For example, you can have bogus rows in the accounts table, which normally have no reason to be accessed, and are booby-trapped with a trigger. If some DBA comes with such ideas as "I know, let's shave a cent out of each account and add it to mine" or "I know, let's export the names and credit card numbers and sell them to scammers", chances are he'd stumble over such traps. Plus, it would trigger an investigation when a bunch of credit card numbers assigned to such bogus accounts start appearing in transactions.
Etc.
All this simply doesn't apply to votes.
- You don't have to take a vote from somewhere else to assign a vote to Moraelin, like would be the case with money
- You don't have people checking their balance and asking you to fix the errors. The whole idea of anonymity is that you shouldn't store anywhere stuff like "Moraelin voted for the German Anarchistic Pogo Party". If I can check "wait, did you count my vote for the German Anarchistic Pogo Party?" a month later, then so can someone else. That's another bank safeguard that just doesn't exist.
- you can't really use any sums as triggers, because everyone gets the same number: 1 vote. Each transaction says exactly the same: "1 vote for party X". So you can't go and say "whoa, we'll investigate all transactions over 10,000".
- since it's anonymous, you can't check how many transactions each person has, either