Diebold Admits Flaw In Voting Software 281
NewYorkCountryLawyer writes "At a public hearing in California, Diebold's western region manager has admitted that the audit log system on current versions of Premier Election Solutions' (formerly Diebold's) electronic voting and tabulating systems — used in some 34 states across the nation — fails to record the wholesale deletion of ballots, even when ballots are deleted on the same day as an election. An election system's audit logs are meant to record all activity during the system's actual counting of ballots, so that later examiners may determine, with certainty, whether any fraudulent or mistaken activity had occurred during the count. Diebold's software fails to do that, as has recently been discovered by Election Integrity advocates in Humboldt County, CA, and then confirmed by the CA Secretary of State. The flaws, built into the system for more than a decade, are in serious violation of federal voting system certification standards."
and who's going to CARE? (Score:5, Insightful)
The flaws, built into the system for more than a decade, are in serious violation of federal voting system certification standards.
Sure, you and I care, but who's the them that's going to DO anything?
Besides the obvious "toss them out on their arse", I'd like to see them heavily fined. And I mean like "we want a refund"
Re: (Score:3, Funny)
The "them" will "do" what they can to steal an election here and there. And no refunds shall be due to you -- since of course you didn't get a receipt now, did ya?
There is a lot of talk, and little action. (Score:5, Insightful)
That seems to be the correct interpretation, that the flaws are deliberate. If there were a few defects and they were corrected immediately, that could be accidental. But we've been discussing Diebold flaws for years. Most Slashdot readers, I'm guessing, would be fired for living with something so buggy.
Diebold changed the name [wikipedia.org] of its unit that sells voting hardware and software to Premier Election Solutions [premierelections.com]. Don't be confused; it's still Diebold.
Re: (Score:2)
Actually, some states still answer to that name. The did spin off their election division but some states already own the old crap so it all still says Diebold. Hell, our training manuals had that name on half of them.
Re:There is a lot of talk, and little action. (Score:5, Funny)
Most Slashdot readers, I'm guessing, would be fired for living with something so buggy.
Not me; I work for the government!
Re:There is a lot of talk, and little action. (Score:4, Interesting)
Illinois, with a Democrat Governor, two Democrat Senators, and whose state senators and representatives are mostly Democrat, doesn't use Diebold.
I'd like to see a state by state breakdown of which states use Diebold, and how many of those who use Diebold are "red" states.
I guess you never played chess (Score:5, Insightful)
What is it worth, in terms of dollars and power, to hijack big elections, to wind up owning the government? Now, what is the worth of the entire total electronic voting machine "industry"? Now subtract the second from the first, notice the result... in other words, the real vote hijackers never cared a bit about the potential of losing some penny ante chump change pawn company down the timeline sometime, especially if they were the ones "in charge" of "insuring the integrity of the vote" in the first place...
flatfoot 101, motive, means, opportunity....
Re:There is a lot of talk, and little action. (Score:5, Insightful)
And here's your first clue. Diebold is in the business of making ATMs. That's right. Literally billions of financial transactions, with multiple options and screens to go through on the UI, are performed every year using Diebold ATMs. Yet, they can't seem to get a simple voting machine to work as it should. And you think there is nothing fishy about that?
Re:There is a lot of talk, and little action. (Score:4, Interesting)
And here's your first clue. Diebold is in the business of making ATMs.
Heise security has a story that there's malware around specifically targetting Diebold ATMs running Windows...
http://www.heise.de/security/Windows-Trojaner-auf-Diebold-Bankautomat--/news/meldung/134794 [heise.de] (in German)
http://www.sophos.com/security/blog/2009/03/3577.html [sophos.com] (blog entry the article refers to)
Re:and who's going to CARE? (Score:5, Funny)
And I mean like "we want a refund"
Yeah! I want my eight years back!
Nader 2000
Re:and who's going to CARE? (Score:5, Interesting)
But the problem is that they probably have a EULA which excludes any damages in whatever form whatsoever (limited warranty). This would then require the invalidation of that clause, which then could be a devastating result for the software business as a whole. No software company wants to pay for any damage ever...
Re: (Score:2)
Re: (Score:2, Interesting)
there is consumer software and there is software for critical applications like
1. medical equipment
2. power plants
3. space missions
4. defense operations
which require very high standards. and even if they cost 10 times as much, you just can't use lower grade replacement there.
Re:and who's going to CARE? (Score:5, Insightful)
Refund or not, the Diebold saga is now five or six years beyond being funny. They should have lost whatever contract they have *years* ago.
Re:and who's going to CARE? (Score:5, Insightful)
"contracts"
There fixed that for ya. This distinction makes it all the less funny. it's not just a single idiotic/corrupt bureaucracy that has bought into this, it's a great many of them.
Re: (Score:3, Interesting)
But the problem is that they probably have a EULA which excludes any damages in whatever form whatsoever (limited warranty). This would then require the invalidation of that clause, which then could be a devastating result for the software business as a whole. No software company wants to pay for any damage ever...
I don't know about Diebold specificaly, but the licenses I've seen, including those from MS, usually specify that the maximum liability is the cost of the product, in other words, "a full refund" but no more.
Re:and who's going to CARE? (Score:5, Interesting)
Re:and who's going to CARE? (Score:5, Insightful)
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
And if your goal is the opposite, what is the order in which one removes these boxes from use?
Re:and who's going to CARE? (Score:5, Insightful)
Soap, ammo, jury, and leave ballot because it doesn't change anything anyways.
Re:and who's going to CARE? (Score:5, Insightful)
One doesn't.
There's no need to remove the soap box. It's easier just to force your opponents to take even more extreme positions against you, so that people just stop taking them seriously.
There's no need to remove the ballot box. Half the country would still vote for your party even if its leader publicly killed a kitten at every campaign appearance, and the other half would still vote against you even if you were running against Hitler.
There's no need to remove the jury box. You just need to make sure you select the right juries.
And there's no need to remove the ammo box. A bunch of ragtag militias with peashooters can't pose any realistic threat to your rule. (You might, however, beneficially threaten to restrict gun ownership, because that guarantees that all the gun nuts will concentrate exclusively on protecting their precious gun rights, and won't notice anything else you do.)
Re: (Score:3)
Jury first, because it's a subtle one and not too many people will ever notice.
Ammo second, because you can always say it makes the world a safer place for children.
Then you are free to pick soap or ballot. Take one away and the other will take care of itself.
Re: (Score:2)
Well at least here in Cuyahoga County, Ohio we threw out the massively expensive and even more massively flawed Diebold systems and went with proven, reliable optical scan machines.
In Florida they were switching optical scan machines to "silently ignore" mismarked ballots in contested locations, e.g. predominantly black precincts, and to "reject" mismarked ballots in precincts which could be counted on to come in Republican. I don't know if you've got the same kind, but that technology can be used against you as well.
Re:and who's going to CARE? (Score:5, Informative)
However, it is precisely because they are optical scan ballots - with a paper trail - that led to the flaw being found. Mitch Trachtenberg, a volunteer AFAIK, was able to scan all of the ballots post-election and tabulate them using his own open-source software. The discrepancy between his results and the official results is what led to the discovery of the flaw in Diebold's software.
I'm glad that they were using optical-scan ballots and that they saved the paper copies (and made them accessible), but it's still vulnerable to software flaws, "errors", etc., even if it is optical scan.
Re: (Score:2)
Re: (Score:3, Interesting)
Mitch Trachtenberg, a volunteer AFAIK, was able to scan all of the ballots post-election and tabulate them using his own open-source software. The discrepancy between his results and the official results is what led to the discovery of the flaw in Diebold's software.
Whether Diebold is a villian here or not is clearly debateable. But the hero is Mitch and anyone working with him to independently verify the results. In this case, he is the check in checks and balances.
Re:and who's going to CARE? (Score:5, Interesting)
It's a shame your constitution defines treason so narrowly.
Re: (Score:2, Interesting)
No it isn't, believe me. This is bullshit. We walked into this on our own, staring right at it, refusing to see because it might jeopardize their favorite lizard's chances. Now, after doing nothing about it, the "victims" want revenge. Diebold, or whatever they call themselves, should lose their corporate charter, and the offenders fined from their personal accounts, and possibly future profits garnished also. Sweet and simple
Re: (Score:3, Funny)
Sure, you and I care, but who's the them that's going to DO anything?
I know, lets take a vote!....
ok, ok, everyone who wants to vote, open internet explorer and make sure that little padlock looking thing is showing...
Re: (Score:2)
I have thirty miles of paper and a thousand pens. Lets do this thing.
Re: (Score:3, Interesting)
Declare all elections held using Diebold equipment null and void. See what happens then.
Umm, duh? (Score:5, Insightful)
These flaws have been reported in many mainstream press outlets, investigated by a half-dozen independent groups, and yet it was still cleared for use in state, county, and federal elections. Let's ignore Diebold for a minute -- I know plenty of other people here will (rightfully) hang them. This points to a major systemic flaw in our certification programs for voting machines. Period. End of discussion.
This isn't just Diebold. This is dozens of state, local, and federal agencies that abjectly failed in their duties to their constituents to protect the voting system. This is huge. Epic. I cannot stress enough the damage this has caused to the confidence in the system. Again, let's ignore Diebold and ask the really hard question -- Where do we go from here? Can e-voting systems be trusted? What changes need to be made to the system (and they better be major)? What do we do to restore voter confidence in a system that just got skinned, gutted, and mounted?
Re:Umm, duh? (Score:5, Insightful)
e-voting can not be trusted. Not at all.
Hell I can give you code that looks perfect, but then have the compiler put a backdoor in for me.
Computer science is not ready for this type of system to be used on a scale the size of a state.
Re: (Score:3, Insightful)
And then I could give you a processor that has a backdoor in it.
Re: (Score:3, Funny)
And then I could use my software backdoor to change the results and blame it on your processor.
MUAHAhahaha...hum
Re: (Score:2, Funny)
And then I could give you a election observer that has a backdoor in him/her.
Kinky.
Re:Umm, duh? (Score:5, Funny)
Since paper voting -- given enough effort -- can also always be corrupted, we may as well go with the new, efficient tech. Where before people had to collude, hide, counterfeit or use some other elaborate scheme to throw an election, now all they have to do is:
DELETE * FROM VOTES WHERE CANDIDATE = 'OPPONENT';
Think of all the man-hours being saved.
Re: (Score:2)
Ha! My preferred candidate is named 'NEMESIS'!!!! My votes stay!!!!
NO! (Score:3, Insightful)
Re: (Score:2)
Since paper voting -- given enough effort -- can also always be corrupted
What good is a ballot, Mister Anderson, if you are not permitted to perform a recount?
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
Hell I can give you code that looks perfect, but then have the compiler put a backdoor in for me.
Really? No voting machine can be trusted? So you fill them with disappearing ink so that the printed ballot from the electronic system will also get wiped?
Re: (Score:2)
If the only action of the electronic voting system is to print a paper ballot, then it is not truly an electronic voting system.
If the system is going to print a paper ballot anyway, you might as well just use paper ballots. Not this butterfly crap that is confusing, but good old "blacken in the circle" optically-scanable paper forms. They are simple, rugged, and can be recounted a dozen times
Re: (Score:2)
Possible solution:
Invent your own language and write a compiler for it in-house. Do not explain what it'll be used for. Doesn't matter if it's a crappy version of BASIC. Before getting any developers, choose a development environment and stick to it. A particular version of GCC for instance, and make sure to keep all that well checksummed to be sure there can't be any changes to the environment.
Once the compiler is built, hire programmers to make your vote counting application.
Explanation: It's very unlikel
Re: (Score:2)
Wow, that's...one of the most convoluted solutions I have ever heard. Why not just get used to the fact that software on its own is as unacceptable for handling elections as it is for building houses?
Re: (Score:2)
That's of course the most practical solution. But that's not very fun to think about.
Re: (Score:2)
I get your point though - the potential damage is far greater by compromising an automated system. My point is though, that almost nothing can be fully trusted.
Re: (Score:2)
First, I disagree. E-voting as implemented cannot be trusted at all, but that does not mean E-voting in general cannot be.
Let us take the simple case where every transaction is placed in a transaction journal. It is never erased from that journal, no matter what. You can "delete" as many times as you like, each delete is itself just a transaction that is logged. You now have a fix for the above problem, and indeed for any other problem to do with summing things up, as each vote is independently stored in th
Re: (Score:3, Insightful)
One of the massive historical problems folks need to solve i
Re: (Score:2)
You are correct. The proposal I'm putting forward (where a voter needs to serially scan perhaps millions of votes) is - at least in principle - just too expensive for vote selling. At least with computers as they stand. The compute cycles required for any large-scale checking would require a significant piece of big iron, which means it won't be portable. To go round and check, using portable computers, would need an army of vote-checkers of a size comparable to the number of voters.
Adding random data would
Re: (Score:3, Insightful)
and I do know folks whose votes in the most recent US presidential election would have been viewed in an extremely unkind light by immediate family members
Not to belittle your main point, but people in that situation that have far more pressing problems than something as abstract and distant from daily life as who gets elected to office, even a local office.
Re:Umm, duh? (Score:5, Insightful)
What do we do to restore voter confidence in a system that just got skinned, gutted, and mounted?
Skinning, gutting, and mounting those responsible for certifying these machines would be a good start.
Re: (Score:2)
We could probably get away with that if we convict them of treason.
Re: (Score:2)
Hasn't this whole Diebold thing proven your last statement completely false?
Draft (Score:2)
Won't work. And I'm not talking about politically.
Current military doctrine relies on a highly trained, highly professional force. It's not just hand-the-guy-a-gun.
Draftees won't be able to fit in properly.
Re: (Score:2)
draftees didn't go to boot camp/basic training?
Re:Umm, duh? (Score:5, Insightful)
The problem, as I see it, is that the certification process is a farce. The vendors who sell something sign that they meet the requirements. If "independent" testing is required, the vendor pays for that too, hiring "independent" testers to sign papers.
I.e. it's all based on trust. No, sir mayor, I can assure you that there's NO offal in our sausages!
Until the government people who make the requirement actually do QA testing themselves, without "assistance" from the vendors, the public is going to get scammed. And this will continue as long as we here in the US have a deep distrust for government, and rather would hire companies and corporations to do the job instead of hiring government workers at a decent pay. There are neither people nor funds for the local governments to do the job themselves, so they HAVE TO trust the vendors or their cronies.
Re: (Score:2)
Re: (Score:2)
Eeww, even dead I wouldn't want to mount those guys.
Re: (Score:2)
Again, let's ignore Diebold and ask the really hard question -- Where do we go from here?
Why is that a hard question?
Electronic voting is imminently desirable.
The only real problem is that the software is crap
and the people certifying the crap software have been doing a crap job.
The hard question is determining whether the certification process was marred by incompetence or willful/malicious blindness.
Either way, reforming the process isn't all that hard if you're willing to buck the mfgs.
Re: (Score:3, Insightful)
Why? I have no desire for electronic voting.
I much prefer a simple, paper ballot. It is a physical object that can be counted and recounted. If there is a question of ballots being lost, simply count all the ballots and see if the number matches the number of ballots that were turned in. If there is a need to recount, you can go back to the original ballot and count it again.
AND I prefer elections to be run using polling places, wher
Re: (Score:2)
This points to a major systemic flaw in our certification programs for voting machines.
Our certification programs involve a supervisor of elections, some Diebold salesmen, and some "scholarship money" at the local strip club.
Re: (Score:2)
This point has not been addressed at all, it seems.
I would love to wear out a crotch-bat on Diebold's[or whomever they are calling themselves now to escape the negative publicity from past problems being made public] upper management; you raise an important point.
Re: (Score:2)
The problem was, all criticism of Diebold — however legitimate — was coming from people with "Bush was appointed" and "Elections Stolen" on their T-shirts. This discounted their opinions down to zero, because they were viewed as partisan hacks.
Now that the opposite side has won the
Re:Umm, duh? (Score:5, Insightful)
Canada uses paper ballots. Care to name the last time there was any evidence of ballot stuffing?
This claim of some major flaw in paper ballots is a load of horsecrap. It's been the line of inept goons like Diebold, and it's just plain false.
Re: (Score:2)
Canada uses paper ballots.
But down south they vote on like 80 different things at once.
Re: (Score:2)
We don't need to stuff ballots very often due to coalition governments http://www.mapleleafweb.com/features/coalition-governments-canada [mapleleafweb.com]
This doesn't really work in the case of a majority government. So in that case, we would have to resort to the US solution. I know a bunch of farmers with Enfields and 22s they got from SEARS 40 years ago don't seem like anything that could take over a government but keep in mind that this would be the Canadian government and that L'Arme Secrète is only useful in th
Re: (Score:3)
What are you talking about? Democracy is that most people did not want Harper and his reform buddies leading us, especially acting like he had a strong mandate.
This is the idiot who wanted us to go to Iraq because Americans are our friends and if they jump of a cliff we should join them. The same Americans who couldn't be bothered to say thanks when we took in a bunch of them into our households on 9/11 because they were to paranoid to let them land in their own country. They also didn't bother thanking us
Re: (Score:2)
Re: (Score:2)
Calling into question... (Score:4, Interesting)
...every election that these machines have been used for in each of those 34 states. If the machines should not have passed certification, and yet they were certified (were they?) then the agency doing the certification ought to be brought up on charges as well, and any OTHER systems that they certified ought to be open to question as well. This could get you dizzy.
---
Read my political short stories at http://klurgsheld.wordpress.com/ [wordpress.com]
Re: (Score:3, Insightful)
If the machines should not have passed certification, and yet they were certified (were they?) then the agency doing the certification ought to be brought up on charges as well, and any OTHER systems that they certified ought to be open to question as well.
No point. The end result will turn out to be like an ISO9000 system - the certifiers had a process and they followed it to the T. The problem is that the process does jackshit. But everybody followed the rules. And the people responsible for creating the rules? Those will be the politicians that voted for the laws that specified electronic voting systems in the first place.
Funny how they admit flaws (Score:5, Funny)
Re: (Score:2, Insightful)
Why would they admit non-existent flaws when the machines correctly ignored the votes cast, and properly logged deletions when the machines were being watched?
Re: (Score:2, Funny)
What do you mean? They won.
Oh, come on. (Score:2)
You really think Obama doesn't come certified and approved by the Great Old Ones? Look at what he has done and look at who he has appointed. Lizards, every one.
Re: (Score:2)
So, you're saying that your NeoCon masters sold your souls to the Democrats?
Shouldn't you be taking this up with your NeoCon/Republican Overlords, instead of bashing the company that promised votes for your side in 2004?
Silly hypocrite, thinking is for real kids.{my apologies to the Trix Rabbit}
*disclaimer*
I am a registered Republican, and have been since the early 1990's. This past Presidential Election was a choice between a shite casserole, or a turd sandw
American Idol (Score:5, Interesting)
Up until the last election it seems that most Americans thought the election for American Idol was more important. I hope that the last election marked a change in this attitude. It'd be nice if we could avoid electing another idiot to high office... Aaah who am I kidding?
Re:American Idol (Score:4, Informative)
Actually, we have no idea how fair or to what confidence level American Idol singers are voted on. We have nothing except what we're told by the producers.
Re: (Score:2)
We can vote with high confidence for American Idol but the guys who make our freaking ATM machines can't get it right?
Wait.. You think that they actually count the votes for Idol? I was under the impression that they picked whoever had the highest network ratings and simply charged people $1 to 'feel' like they're voting.
BBH
Re: (Score:2)
Out of curiosity, what makes you think we have high confidence on American Idol votes? I've never seen any kind of investigation of independent review of them, do you know something I don't?
Or are you just trying for some "shocking" example without worrying about if your example is even close to correct, much less relevant.
One Word: Scantron (Score:5, Insightful)
Re: (Score:2, Informative)
I agree with you though that it's nice that at least there is a paper trail to follow unlike with touchscreen voting.
Re: (Score:2)
Scantron: More then meets the eye.
I mean: Not anything more then meets the optical eye.
Re: (Score:2)
Can't you get someone there to help you out?
Does it really matter if a person there designated to help people knows who you voted for? sure on a wide scale basis that can be bad.
Re: (Score:2)
Most of those scanners will detect pen or pencil. Why not just mark it with a Marks-A-Lot or other similar wide-tip marker?
I don't understand (Score:2)
I don't understand how this companies electronic ballot boxes can be tolerated. Given the history of Diebold stories this announce doesn't surprise me. I'm sure there are plenty of other folks who aren't surprised. I'm damn near certain if there was public access to the code operating these machines then the faults would have been determined much earlier. Surely something is horribly horribly wrong here.
Does this acknowledgement mean that Diebold machines will be retired from service immediately? And, more
Re: (Score:2)
Seems unlikely (Score:4, Insightful)
I know the whole don't attribute to malice what can be attributed to ignorance thing. But Diebold is an ATM maker, I find it hard to believe that they were this ignorant. I would think that an ATM would be a more complex device than a voting machine.
Re: (Score:2)
The Voting Machine division was acquired from outside, and shares none of the same engineers, management (apart from the top) or accountability with the rest of the company.
I've seen it (Score:5, Interesting)
I used to work as a "Computer Audit Analyst" for the Florida Division of Elections, certifying voting systems for use in the State of Florida. Certification for Premier/Diebold, ES&S, and Sequoia was pretty much a given, no matter the fact that their systems are complete shit and the certification process is a joke. Scan a few thousand ballots, have an independent testing lab review your source code, and you're good to go. Google "sequoia yellow button" to see what I mean.
Not to mention the attitudes of the folks who work there. They call people like me "activists" with a sour tone of voice, grudgingly fill public records requests, and the newly-built [2006] voting-systems lab was the size of a damn closet. Think the types of people who think F/OSS is so high-school students have something to tinker with.
Sadly, most American voters don't even think about the voting backend, and are wholly uninterested in the fact that three corporations have a legally-enforced triopoly in voting equipment, sell overpriced shit to the counties, and take legal action against anyone who finds security flaws in their systems.
They've admitted lots of flaws. (Score:5, Interesting)
It's not a bug; it's a feature! (Score:5, Insightful)
Congratulations (Score:2)
open source (Score:2)
You know it works.
http://openvoting.org/ [openvoting.org]
Seen on a bumper sticker: (Score:3, Insightful)
Ignore your rights and they'll go away
Diebold executives could be charged with:
And this is just off the top of my head. But sadly, this isn't receiving the outrage it should, and I suspect the reason is because Americans have always been largely apathetic to things which didn't directly affect them.
We needn't worry about things like democratic process and the right to vote; if we ignore the problems long enough, we won't have to worry about election fairness, because there won't be any elections. This is how it starts, folks. For that reason alone, these guys should be charged with crimes.
Re: (Score:2)
Anyone else feel like it's all a show nowadays? Remember those millions of missing Bush emails the federal courts wanted? Obama is siding with Bush on getting the suit dismissed [citizensforethics.org]. Now that's change I can believe in!
With the two party system being virtually identical, 3rd parties getting no real attention, it gets hard to be upset by who gets elected by a buggy machine. Apathy has set in, people won't get upset until they can't watch the next staged "reality show".
These guys fucked with elections... hang them (Score:3, Interesting)
You don't fuck with elections. The reason we have elections is so that we don't have to murder tyrants all the time. Its a courtesy to the people in power that we remove them from office with a ballot instead of a razor sharp blade.
When stupid worthless moronic assholes like the ones working at Diebold, who intentially designed their equipment to make elections more stealable, start fucking with the electoral process for personal gain on such a widespread level, the only answer is to convict them of treason and hang them from the nearest high tree.
This is just pathetic (Score:3, Insightful)
Usually when software goes wrong I can see that it may be hard. Internet Explorer may be shit when compared to the competition, but then I guess writing a browser may be difficult, I could see how you could mess that up. Similarly having the implementation of an encryption scheme fail, I can see how you coudl mess that up. That stuff is hard.
However, how the fuck do you mess up counting votes? I can see it fail on the hardware end, optic sensors giving wrongr eadings, inkjet printers not working... but failing to write a program that count votes? This is beyond pathetic. From what I've read about Diebold it sounds as if they were too lazy to actually write and audit the software and simply did the equivalent of sticking the results in some generic spreadsheet program.
Re: (Score:3)
Because when a flawed machine counts the ballot, every vote tally is suspect, every vote may have been miscounted. This is a much bigger problem than the traditional methods of ballot-box stuffing, because the scope is so much wider.