Diebold Admits Flaw In Voting Software

NewYorkCountryLawyer writes "At a public hearing in California, Diebold's western region manager has admitted that the audit log system on current versions of Premier Election Solutions' (formerly Diebold's) electronic voting and tabulating systems — used in some 34 states across the nation — fails to record the wholesale deletion of ballots, even when ballots are deleted on the same day as an election. An election system's audit logs are meant to record all activity during the system's actual counting of ballots, so that later examiners may determine, with certainty, whether any fraudulent or mistaken activity had occurred during the count. Diebold's software fails to do that, as has recently been discovered by Election Integrity advocates in Humboldt County, CA, and then confirmed by the CA Secretary of State. The flaws, built into the system for more than a decade, are in serious violation of federal voting system certification standards."

Re:One Word: Scantron

[Anonymous Coward]

I'm a Humboldt County resident (where these machines were investigated). The machines with the flaw are the scantron-style voting machines that are built by Diebold. My understanding is that the flaw isn't in the vote collection, it's in the vote tabulation.

I agree with you though that it's nice that at least there is a paper trail to follow unlike with touchscreen voting.

Re:American Idol

[Mike Buddha]

Actually, we have no idea how fair or to what confidence level American Idol singers are voted on. We have nothing except what we're told by the producers.

Re:Umm, duh?

[Anonymous Coward]

Hell I can give you code that looks perfect, but then have the compiler put a backdoor in for me.

And then I could give you a processor that has a backdoor in it.

And then I could give you a election observer that has a backdoor in him/her.

Re:One Word: Scantron

[Anonymous Coward]

Scantron machines aren't a panacea for curing the ills of electronic voting. There are physical ballots which can be counted manually which is good for auditing, but most states have laws which specify the rules under which a physical recount can occur: evidence of election tampering, and a too-close-to-call election. With respect to the first scenario, a losing candidate will not get standing to have the courts order a recount unless there is evidence of election tampering. But in order to force the state to investigate election tampering you must first present the evidence of election tampering--Catch-22. In the second scenario of close elections, the actual scanned ballots aren't necessarily counted, but just the totals taken off of each scantron machine's tape are compared with the numbers uploaded to the tabulating servers. A scantron machine can still produce vote totals that do not match what the physical ballots show, and the tabulating servers can still be messed with, especially if the tabulating software has sucky/non-existent auditing capabilities like the Diebold versions.

What needs to happen are random statewide audits of various precincts by the state election board (handled by a neutral third-party accounting firm) to make sure that physical ballots match the machine tapes that match the totals uploaded to the tabulation servers. There's still too many weaknesses in the chain to make electronic voting a reliable alternative to pencil and paper.

Re:and who's going to CARE?

[c41rn]

I don't know if you were going for sarcasm or missed it in the article, but the machines in question (the flawed machines in Humboldt County) ARE optical scan machines. They are made by Diebold and they have software flaws that cause errors in how the votes are tabulated. For example, their software was in some cases dropping the entire first batch of scanned ballots (batch 0).

However, it is precisely because they are optical scan ballots - with a paper trail - that led to the flaw being found. Mitch Trachtenberg, a volunteer AFAIK, was able to scan all of the ballots post-election and tabulate them using his own open-source software. The discrepancy between his results and the official results is what led to the discovery of the flaw in Diebold's software.

I'm glad that they were using optical-scan ballots and that they saved the paper copies (and made them accessible), but it's still vulnerable to software flaws, "errors", etc., even if it is optical scan.

Re:Seems unlikely

[Anonymous Coward]

A 10-year old NCR ATM crashes way less than a shiny new Diebold ATM. Their hardware is cheap and their software unstable, meaning ATMs have to be cloned every 3 months. I can't even imagine how complicated those voting machines are...

Re:There is a lot of talk, and little action.

[Anonymous Coward]

This is based on the assumption that the ATMs are
properly designed. No one has done a public source code audit on them.

But anyway, Diebold security model has been dire for years. They have/had test boxes with source code on the public internet with anonymous login for ages. And by ages, I mean mid-90s to at least 2004 ish. The last time I checked.

This isn't "omg conspiracy". This is "omg they suck".