Damning Report On Sequoia E-Voting Machine Security 200
TechDirt notes the publication of the New Jersey voting machine study, the attempted suppression of which we have been discussing for a while now. The paper that the Princeton and Lehigh University researchers are releasing, as permitted by the Court, is "the same as the Court's redacted version, but with a few introductory paragraphs about the court case, Gusciora v. Corzine." What's new is the release of a 90-minute evidentiary video — the researchers have asked the court for permission to release a shorter version that hits the high points, as the high-res video is about 1 GB in size. See TechDirt's article for the report's executive summary listing eight ways the AVC Advantage 9.00 voting machine can be subverted.
"E-Voting Machine Security" like "Microsoft Works" (Score:5, Insightful)
An oxymoron.
The only thing a e-voting machine should be used for is printing a paper ballot.
Count the paper ballots.
Anything else means you have to trust the voting machine, or the people who verified the voting machine.
(You have to make sure that there are no hidden things in any of the chips, the software, any memory card that comes into contact with the machine, the network that the machine is connected to, etc. Seriously, who can possibly think that a E-voting machine with a Sprint data card in it is secure?)
if electronic voting (Score:5, Insightful)
could be made 100% secure, foolproof, etc., it should still not be used
simply because of the PERCEPTION of what happens to your vote in electronic voting
it is a black box. your votes go in, sausage comes out. meanwhile, a piece of paper has no secrets. it stays in a box, it can retallied. it can be messed with and falsified and burned, sure. but not with such ease and not in so many quick secret and immensely powerful ways electrons or magnetic marks on a disk can be messed with
all nations should use paper ballots, doesn't matter how rich they are. joe schmoe needs to touch and feel and smell his vote. voting machines and electronic voting represents a black box system, and therefore represents too much fundamental distrust. distrust undermines the legitimacy of democratically elected governments in the eyes of the people
it is not good enough that joe schmoe vote in absolute security and privacy and integrity. joe schmoe must also BELIEVE that. but in an irreducibly black box system, distrust is inescapable
electronic voting is the greates threat to democracy, ever. no ideological system or intolerant set of beliefs can undermine faith in democracy more than a method of tallying votes that the technofetishist loves, but the general populace views with suspicion
you don't need to say "gee whiz" when you vote
we need to end electronic voting, in the name of strengthening democracy
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:3, Insightful)
You have a very good point here - why are these things even doing all the "tallying" on there own? Wasn't the overall MAIN issue was the validity of "hanging chads" and the like - why in the hell can't we have a simple machine with all the same bells and whistles that simply punches the damn things for us?!?!
On a side note - how hard can this stuff be? It's not like they aren't making a fortune from these things - it's seeming like they are barely able to break even so they have to hire "below the barrel" talent...
Hardware Work Around (Score:5, Insightful)
Re:Elections of 2010 (Score:5, Insightful)
Simple paper ballots, overseen by observers (Score:4, Insightful)
Simple paper ballot. Allow observers from all interested (political) parties to monitor the voting station and the count.
Presto, solves verification of the internals of the not so obvious "voting machines". Voting machines aren't truly verificable.
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:2, Insightful)
Re:if electronic voting (Score:5, Insightful)
I think you have the perception most people have of computers wrong.
Most people think computers are incapable of being incorrect. Microsoft is trying hard to change that, but they are getting less effective.
If the computer is wrong, it must have been something that the user did incorrect. "I shouldn't have clicked on that link to that page", instead of "The browser is broken, it shouldn't have been vulnerable to the stuff on that page"
I agree that paper ballots should be used, but most people think that if a computer is involved it will not be incorrect.
Re:if electronic voting (Score:3, Insightful)
People have put their trust in black boxes for a long time. I'm neither for nor against electronic voting, but I do think there ought to be a paper trail and open source software running it, so it can be verified by a hastily-assembled group of people who don't want to be there.
Besides, any system is fallible: humans take part in it. Even if we kept with paper ballots, who's to say the officials in a district couldn't be paid off to swap the real ballot box with a fake one filled with a known number of ballots for Candidate X? And if the crime was admitted to, and the voters in that district were asked to vote again, would they all re-vote the exact same as they had before? Highly doubtful: they're human.
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:5, Insightful)
Because those are different cases.
The user isn't going to hack his own computer to get his credit card number. Hope that persons computer doesn't have a virus or key logger.
That insurance company or hospital hopefully will have physical security protecting their machines. That doesn't always work, surely you have seen the articles about x million peoples data lost from (company of the week).
Securing E-voting is really like DRM: you want to distribute a device to potential hackers, and keep it secure from those hackers.
If I didn't know any better (Score:3, Insightful)
You know, if I didn't know any better, I'd say that this was the same company as Diebold.
Oh, wait, it is ...
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:4, Insightful)
Because the people with *physical* access aren't (usually) the people trying to hack the systems.
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:5, Insightful)
no (Score:3, Insightful)
people can use computers, television, and the car, but they don't have to trust them. in fact, they don't. the tv has the biased media on it. the computer spies on them with cookies. the car is always breaking down. sure, they still use thes tools, but that's not a question of trust going on with these things in the same way it is going on with their voting system. you do not have the same relationship you have with your tools that oyu have with your social environment
a government is a purely human construct. its all about social structure and where you fit into it. its all about trusting or not trusting the other people around you. its a completely different dynamic. and a sliver of doubt about how the social hierarchy around you works can only grow if you are dealing with a black box voting system
what i'm saying is that your allegories are unsound
An obvious question... (Score:5, Insightful)
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:5, Insightful)
Absolutely. Would you trust your credit card number to SSL if you knew there were hundreds, maybe thousands of professional hackers trying to sniff it?
You mean there aren't?
Paper ballots are ABSOLUTELY safe! (Score:4, Insightful)
Yeah, right! NO ONE can cheat in an election with paper ballots! The concept of a corrupt government did not exist before the invention of electronic voting.
*BULLSHIT*
Reading TFA: This is done by prying just one ROM chip from its socket and pushing a new one in, or by replacement of the Z80 processor chip. We have demonstrated that this ``hack'' takes just 7 minutes to perform.
Do you want to make a bet? Let's see how many paper ballots I can stuff in 7 minutes, given the same level of physical access one needs to change a chip in a computer. This means I can open a box, right? It doesn't matter if the box is electronic or not, it should have a padlock. If I can open the box, with no one noticing, it doesn't matter if the content is electronic or paper.
The intrinsic safety of electronic voting comes from the agility in counting. Counting a paper ballot box takes much longer than it takes to fill that box with a totally different set of votes. By the time you have counted, recounted, and counted again those paper votes, they could have been substituted a dozen times.
Re:Simple paper ballots, overseen by observers (Score:3, Insightful)
Why not? What if the "machine" was a huge wheel with a counter for each candidate. There is a back room that has every candidate represented, and they verify that for every person that enters (they can't see the person) that the wheel only moves one slot. The person voting picks who they want and watch the wheel increment by one, then leave. That's a "machine" that is truly verifiable, isn't it?
And what about a machine that casts the votes, but doesn't tally them? Print the votes, then scan them. If there is a question, then people can check the paper ballots. That't also instant and verifiable.
It seems to me that people too stupid to come up with answers to questions assert that the answers are impossible. Any person that suggests something that works (even if impractical, but I'm just posting a couple proof or concepts, not actually solving the problem) is shot down despite *proof* that the person is wrong.
There is nothing inherently wrong with machine voting. Machines have been used for voting in some manner or another for more than 50 years in the USA, and electronic systems are used reliably and quite trusted in Brasil. To assert that they can't ever be made to do something just means the person making the assertion is too stupid to solve the problem. But I agree, anyone that claims that machine voting can't be verified is certainly too stupid to figure out how to make it so. It takes someone that can actually think to solve problems, rather than just rant how they don't want the problem solved.
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:3, Insightful)
you do realize that most e-voting machines run windows right?
The base OS in these machines is fscked from the beginning, there is no way to secure them completely.
If they used Open BSD, stripped of all unnecessary components compiled from scratch from at least two different compilers to double check all the out puts and inputs then you have a reasonable base to start with. DRM on all software pieces is also needed. at the very least a hash system to approve updates unless they occur 10 days before and 10 days after the election day. During that time no updates should be allowed. while it doesn't prevent tampering, it does limit options and things can be double checked so anomalies can be seen easier.
Paper Schmaper (Score:1, Insightful)
Why the love affair with paper ballots? How do you think paper ballots get counted? By machines! Do you distrust those machines as well? Then your only recourse is to have humans manually tally every vote on every race/issue on every ballot. Hmm, what are the chances that errors are involved in human counting? Ever notice that repeated manual recounts tend to come up with different totals on every iteration?
Yes, machines can be wrong for various reasons including human error and malfeasance. However, mechanical errors are quantifiable, relatively easily detected and corrected. Human error by its nature may be difficult to detect and virtually impossible to correct.
I think we're much better off going the e-vote route and working to improve the systems over time rather than the Luddite approach suggested by the paper zealots.
Re:Paper ballots are ABSOLUTELY safe! (Score:5, Insightful)
Lets change your bet a little bit. The 7 minutes are 2 days before the election. You get private time with the ballot box, I get private time with the voting machine.
What can you do to the ballot box that wouldn't be noticeable 2 days later and still affect the vote?
I was an election judge for Boulder County in 2004. Part of my duties as the head election judge for the precinct was to make sure that there was noting in the ballot box and seal it. From that time until I handed the box to the county officials, it was not left in the presence of any single person, so nobody would have 7 minutes during the election day.
You can't stuff the ballot box 2 days before the election with nobody being able to notice.
**THAT** is what they are complaining about. The machines were left in publicly accessible areas for days before the election. Replace one of the chips with that 7 minutes, and it would take a very detailed examination to notice the problem.
Re:electronic voting in brazil is wrong (Score:3, Insightful)
It's what I said. You aren't arguing about it. You have made up your mind and are on a religious rant against the antichrist, I mean, e-vote. You aren't making coherent thoughts. You are arguing one point one time, and one the other. "No one can trust it" "OK, Brasil trusts it, but the entire country is wrong to do so." You'll change your statements to mold to whatever counter-arguments someone comes up with. Pick a fact, and I'll prove it wrong, but I can't prove your religion of anti-e-vote to be wrong. It's as irrational as any "real" religion (and no, that's not a stab at religions, they are, by definition, irrational, as in not rational/logical, in fact, the Bible says that one can't understand God, so logic/ration are out the window).
do you see the issues at work now?
Yeah, you are a nutjob.
do you think electornic voting is more or less exploitable than paper voting?
Less.
if you think it is less exloitable, you fail at logic
If you were capable of using proper punctuation and capitalization, then one might take you more seriously. However, that aside, take a system where you have paper ballots and holes to punch out. Would you find that more or less reliable than having a computer terminal for every vote and that computer printed out a human-readable "recipt" for every vote that the person takes and drops into the vote bucket with the hole-puncher? Well, there have been numerous cases of hole-punching being flawed (chads and such) and that's paper voting, and yet there isn't a single case I know of where human-readable printed ballots from an e-box were confusing to the counters. As such, an e-voting system is necessarily less ambiguous and less exploitable than the non-e-system I'm comparing it to.
If you disagree, then you fail at logic.
(see, both of us can make the "you disagree, you fail" assertions, did it work for me like you thought it would for you? No? Then stop being a three year old with the "agree with me or I'll tell you that you are stupid" game. I at least wait for you to say something stupid before proving it so)
Re:No problem, just put a disclaimer on the machin (Score:2, Insightful)
The reason is that from the viewpoint of lottery, an individual player gets an individual result (win/lose). A voter is placing a vote which is aggregated with the corresponding inputs from other voters to determine the election winner (we'll ignore the electoral college as being overly pedantic).
The difference is that voters affiliations are not evenly distributed geographically. So, by voiding play on voting machines which are in areas with high concentrations of voters of one party, the aggregate can be skewed toward a desired outcome.
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:3, Insightful)
Making that whole system *secure*, otoh, is almost impossible, especially when it is something as large and distributed as a national voting system. If a company could actually make a completely secure voting system, they could also have a good DRM system. (Yeah, I did say "good DRM system", which shows how possible I think that is)
From Ken Thompson's essay Reflections on Trusting Trust [bell-labs.com], he says it isn't enough to check the source code, you also have to check the compiler, the output from that compiler, and I would add, in the context of a voting system, everything that is or could be in the system/network.
I would like to respectfully disagree here. Your comment can be too easily be summarized to "well, if you can't solve every possible flaw, you don't have a secure system, and so there's no point in trying, if they're all insecure anyway, any system is as bad as any other."
This belief is flawed. Even if you can't prove that there isn't any possible attack, it is nevertheless true that there are better systems and worse systems, and you don't want a worse system. Being able to check the source code-- and, better, having the source code open for anybody to look at-- is in fact a very good start. Yes, it is possible that there may be some hithertofore-unknown flaw in the compiler, and some extremely ingenious cracker might be able to find it and find a way to use it to manipulate voting results... but this is a billion times less likely than the case of some open port left accessable, or a deliberately open back door, that would be found by careful inspection of the source.
(You've misquoted Ken Thompson's conclusion, by the way. His actual conclusion was that you should never trust any program you didn't write yourself. Apparently he's never seen the programs I've written myself.)
Re:LOL (Score:5, Insightful)
Every time I get upset about the tremendous disaster that our modern voting is with the rampant election fraud I remind myself... I am getting upset over the fairness of a system that will only let me choose between two criminals for who should be the leader. It seems to me that getting up in arms about the whole voting trainwreck is pretty stupid considering what we are demanding our votes get counted for. When I am faced with a choice more complex than liar/asshole vs asshole/liar I will be more concerned about how my vote gets counted. As it stands now I can rest assured that no matter what I do my vote would go towards putting a liar and an asshole in office.
I mean really now...its like being lost in the woods and choosing if you want to wipe the shit off your ass with your left hand or your right hand. Which hand you choose is pretty tangent to the fact that you are lost in the damned woods. Seems to me we should be a little more concerned about getting out of the woods than to be upset about which hand got shit on it.
Re:Paper ballots are ABSOLUTELY safe! (Score:5, Insightful)
And I was an election judge for Itatiaia, in Brazil, in 1998. I had more or less the same duties as you had. It was an electronic box.
I inserted a flash card with the software, including the operating system, which was given to me by an officer of the electoral court minutes before the election started.
If you can corrupt a representative of the judge who is responsible for declaring if the vote is correct, does it matter if the box is electronic or paper?
You are ready to swear for the honesty of those county officials, yet you don't trust the people who handled the electronic box before the election?
That's *WRONG*, no matter if the ballots were paper or electronic. No part of an electoral process should be left unattended at any time at all.
To sum up, you have absolute trust in the paper voting system, because you have absolute trust in the way the paper ballot was handled *AFTER* the election, but you mistrust the electronic vote because you mistrust the way the electronic box is handled *BEFORE* the election.
For me, both systems can be corrupted, but the electronic system is better because, given the same level of precaution before and after the election, the electronic system gives faster results. To cheat, you need physical access to the system, so the quickest system is safer.
Re:Paper ballots are ABSOLUTELY safe! (Score:3, Insightful)
Not really, no.
What about when the stuff is in storage? What if someone replaces the processor with a near duplicate that changes the voting output when certain conditions are true (time, the ID of the election, number of ballots cast, etc?)
There weren't just election officials, there were poll watchers and other outside groups watching as well. If it was a pure electronic voting, there wouldn't be much to watch, though.
Somewhat, yeah. I don't trust the computers because it is so easy to change them, change values, have code that doesn't execute for a while, etc. It isn't that I have absolute trust in paper ballots, I just can't think of a better solution. Electronic voting is way down on the list of voting systems I trust.
Except that it is really hard to corrupt a paper ballot before the election. Faster vote tallying also means faster vote tampering. I don't know why you think fast processing means safe. Paper voting isn't perfectly secure. It is just that almost all tampering will leave evidence. That isn't true at all for pure electronic voting.
Re:Don't look (Score:5, Insightful)
False registration is the first step in voter fraud, is it not?
And flamebait on the original post? What...Is rigging the machines not just as bad as encouraging and aiding voter fraud by fraudulently registering voters multiple times, fake voters, etc?
I mean...c'mon...if it is bad for one side, it is bad for the other side too.
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:3, Insightful)
"if they're all insecure anyway, any system is as bad as any other."
It is true that all voting systems are open to fraud, however rigging a paper election is orders of magnitude more difficult than rigging an electronic election simply because of the number of people needed to implement the "hack".
With all due respect, people who believe electronic voting can be made "better than" or even "as good as" traditional paper voting have no idea how the counting of traditional paper ballots is conducted.
Re:"E-Voting Machine Security" like "Microsoft Wor (Score:3, Insightful)
Suppose we had such a situation as you suggest and thousands of reviewers pawed over the code making it "as good as it gets". How do you verify the code that was reviewed is the code that is running?
If the code that's reviewed is not the same as the code that's running, this is in itself evidence of fraud. You don't need to look for a back door in this case; you don't need to even know what the code that's running does, you have already shown fraud.
Re:Don't look (Score:5, Insightful)
encouraging and aiding voter fraud by fraudulently registering voters multiple times, fake voters, etc?
And if you actually look into it beyond fox news and the "sources" that they quote, you may find out that it is legally required by a voter registration group such as ACORN to submit every single registration form that they receive, regardless of if they think it is valid. They are allowed to mark ones that they believe to be invalid, so that they will be further inspected by actual officials, but to my knowledge, no one has questioned the accuracy of their markings. The issues with false registrations are mostly being found as cases of the person collecting registrations attempting to hit quotas to prove that he/she is actually working. Molehill, not a mountain.
False registration is the first step in voter fraud, is it not?
It could be the first step, but it isn't necessary for voter fraud (as some other replies around this thread suggest, there are plenty of ways to mess with democracy).
As for this particular method, are you suggesting that people going to show up with fake ID's to match the false registrations that they submitted? Seems a bit more involved than designing the machines to falsely provide results.
Outside of that, I have recently realized an issue of concern regarding our electoral process... some people have realized that many minorities who are legal citizens of the country and should be allowed to vote aren't being allowed to vote because they lack ID that is accepted at the time of voting. The problem is that while the Democrats are fighting to get these ID laws removed, they aren't really acknowledging that false registrations in conjunction with no ID required would completely undermine our voting system. We still need to find a way for all citizens to vote though (preferably not a solution involving ID's with RFID chips, GPS tracking or whatever else is remotely possible).
Re:Don't look (Score:3, Insightful)
Why in the world did you think ACORN et. al. would go to all the trouble of setting up multiple registrations if such did not result in additional votes?
ACORN agents send in fake registrations so they get paid more by ACORN. What could be simpler than that?