Researchers Crack Every Certified CA Voting Machine

ewhac writes "The San Francisco Chronicle is reporting that computer security researchers throughout the University of California system managed to crack the security on every voting machine they tested that has been approved for use in the state. The researchers are unwilling to say how vulnerable the machines are, as the tests were conducted in an environment highly advantageous to the testers. They had complete access to the devices' source code and unlimited time to try and crack the machines. No malicious code was found in any of the machines, but Matt Bishop, who led the team from UC Davis, was surprised by the weakness of the security measures employed. The tests were ordered by Secretary of State Debra Bowen, who has until Friday of next week to decide whether to decertify any of the machines for use in the upcoming Presidential primary election."

And the problem with paper was?

[seanadams.com]

So before, the only people who probably knew how to crack these would have been the people who designed them, plus whoever else had access to the source code, plus probably a whole bunch of administrators who would have access to the data files during the election.

Now, as if that's not bad enough, in addition to all of them we have a whole team of hackers who have proven that they know SPECIFICALLY how to do it. And by the way, they hacked both the voting machines themselves AND the back-end remote machines that do the tabulating.

And those facts are all public knowledge now!

So if these machines were merely "ridiculously" insecure to begin with, now they're just split wide open like a dvda. Yay democracy. What exactly does Ms Bowen need until next Friday to fucking think about?

And please, can we quit calling them "computer security researchers"? What's wrong with hackers? When did we start on the euphemism treadmill [wikipedia.org]?

Re:And the problem with paper was?

[Lockejaw]

And please, can we quit calling them "computer security researchers"? What's wrong with hackers? When did we start on the euphemism treadmill?

When the media decided that a "hacker" is someone who secretly breaks into your computer and fills it full of spam and child porn. So we needed a word for people who break into computers without being secretive about it and don't fill it with bad stuff.

Re:

[abigsmurf]

If you're going to be pedantic on the hack/security researcher issue then it's worth mentioning that a hacker actually means any coder. A cracker is the correct word for the common use of hacker.

Re:

[cheater512]

A hacker is a particulary gifted programmer, not any random programmer you find on the street.

Hacking???

[cluckshot]

Since I have on my computer the software for many of the major voting machine companies and I worked reviewing it for one of our big US States, (Not California) I might have a thing or two to say on the issue.

The first thing to understand is that the audits under the voluntary national standard for voting machine software do nothing about securing a ballot. The next thing to understand is that the public authorities don't want secure software on voting machines. -As politely as it can be said- Who in the hell do you think steals elections? --- Not the voters I can assure you! It is election officials. Next you have to understand that the purpose of modern voting machines isn't to prevent errors, it is to eliminate any evidence that they happened. Next you have to understand that some company or another wants to sell all the machines to run the election and that they don't want the election officials to be able to buy machines by another brand without having to go to the cost of ripping out the entire system by its roots and halting the whole world. In short they want to hold the political agents hostage to their company and make them pay through the nose on every election. How else does a scanner machine which might be worth $200 become a machine worth $30,000?

Now that we have identified the motives in play here and there may be a few more nasty habits around like companies wanting to control political events..... Lets get down to the brass tacks here! Any election system worth anything should have some of the following attributes and possibly some more.

(1) It must be machine independent. So that any device that fails can be easily replaced.

(2) It must be transparent in its software where anyone can see the code and see that it does what it says.

(3) It must be receipt based where it can be checked by additional 3rd party methods. Recounting must be possible and not just memory buffer checks.

(4) It should be isolated from external attack only reporting via network and protected from intrusion by device isolation. This means no USB drives and no standard internet connections etc.

(5) It must be custody of data prevented from having the political authorities being able to destroy the evidence of an election fraud.

Making elections report totals quickly accurately and with receipts and such is no problem. Technically this is very easy. I probably could write in a few days the structure and code it in a matter of months myself. I would get nowhere because the political leaders would find their methodology of stealing elections in great trouble. Unless the voters rise up and get really angry on this one, expect the development of a silent dictatorship in which you hold elections and keep on loosing to the powers that be. (Maybe it already is here????)

Mod Parent Up

[mad.frog]

This is a valid comment, but is modded into oblivion for some reason...

Re:

[Darkman, Walkin Dude]

OP is a loon who regularily posts semi well informed bullshit claiming he worked for every government agency in the world. Last time I called him on it, I listed off his claimed jobs, but I made one up, saying he worked at NASA. He confirmed his dribble chinned nuttiness by saying yes, he had been consulted by NASA several times. Wahooo!

Re:

[adrianbaugh]

"white hats" uses less electronic paper than "computer security researchers" though. Obliterate nugatory verbiage.

Re:

[jez9999]

What exactly does Ms Bowen need until next Friday to fucking think about?

Perhaps they can now modify the sourcecode to make it secure?

And please, can we quit calling them "computer security researchers"? What's wrong with hackers?

In popular culture, the word hacker has become a euphamism for 'black-hat hacker'. They need to indicate that these guys are white-hats.

Re:

[TapeCutter]

"What exactly does Ms Bowen need until next Friday to fucking think about?"

An excuse. /ducks

Re:

[tjkslashdot]

And please, can we quit calling them "computer security researchers"?

Well, Matt Bishop [ucdavis.edu] is actually a "computer security researcher" with a PhD, papers, and books to prove it. And the first sentence of the friendly article actually did use your coveted term.

Re:

[SamSim]

Quiet, quiet! If we play this right, we can make it so the grand masters of the future of humanity are its technological elite! Which was the plan all along!

Fraud

[WindBourne]

Paper elections can and has been taken over. I am not so sure at this time if any in the USA are, but Texas, Florida, and Chicago had a LONG TIME well deserved voting fraud issues. That is why EVERY box has 2 or more ppl going over the vote, with each person coming from 1 of the 2 major parties (interestingly, they are not required to have a person from all parties that are running candidates, just from the major parties). The current elections since 2000 (probably before), have shown how easy it is for general election fraud. In particular, in Florida, the gov. was not allowing votes from anybody with the same name as criminals in high democrat counties only. In ohio, they had 3 ppl (democrats) certify an election by picking certain boxes, counting them before hand, and then using those for their "random" tests. They were suppose to pick a number of random boxes and check their results as well the count. They just did not feel like doing it.

There are VERY good reasons for going to computers. Sadly, not only has the computers obviously not been designed and built well, but the vetting process in nearly all states has left a LOT to be desired. In nearly all cases, the groups have been willing to accept systems that several major companies thrust on us. What fascinated me, and should have been of interest to all the groups, is that NONE of these major machines wanted back-up paper system added in. In ALL cases, it would be their paper (i.e. get to gouge), and of course, they would be required to have somebody around to handle things (at least at the county level). This would be a recurring revenue stream for them. And yet, they fought it esp. diebold. That should be making ALL of those groups nervous, and instead it takes a judge to be looking at this issue.

The computer systems ARE the right idea. The choice and implementation have been disasters. Welcome to Amerika.

Re:

[Zironic]

In Sweden we have 5 people for every 3 (sometimes 4) voting boxes who are supposed to be party neutral (no one asks your party affiliation). The only issues we've ever had with voting fraud is when representatives of parties have gone to people that can't go to the voting locale (elderly and disabled) and tried to coerce them into voting for their party sometimes only providing the ballot of their own party.

In the voting locale we have a list over everyone legible to vote in our boxes (around 1000 people fo

Re:

[iluvcapra]

I fail to see the benefit of an insecure computer system compared to hand voting.

The big problem (or blessing) in the United States is there are at least a dozen issues to vote on, even in by-election years. It would be easy if the only issue was "which party," as it is in PR-type parliamentary democracies, but in the US you vote for people, and lots of them for lots of different offices, and bond referenda, and (in many states) ballot propositions, judgeships, etc. Counting a single issue on a ballot wo

Re:

[Zironic]

Since it seems to be a direct correlation between number of things voted about and lower voter participation I suspect that you keep more of the democracy by keeping elections as simple as possible. There's no way that an average voter can be expected to keep track of all the relevant politicians and issues.

Re:

[zCyl]

That is why EVERY [ballot] box has 2 or more ppl going over the vote ... The computer systems ARE the right idea.

Uh. And how many people can watch a computer system do its count?

This is not a programming quality issue. Replacing existing systems with ones which do not allow direct supervision and oversight is a step backwards.

I agree and yet you are wrong

[WindBourne]

You are saying that it is wrong to replace these system "which do not allow direct supervision and oversight". Where did I espouse the idea of doing that? I push the idea of creating paper trails that ALLOW oversight. The computer should be used for several reasons.

1. It should HELP prevent fraud.
2. To make it easier on the end-user. In particular, better designs and easier to follow.
3. Ideally, move the names around from user to user from voter to voter. By rotating who is in the top row, they remove some of th

Security through obscurity?

[mithras invictus]

How could this have been modded "insightful"?

Aren't you glad it is public knowledge now how rediculously insecure those machines are? These machines should never have been used and the people you call "hackers" have done what the government should have done BEFORE using them for black-box voting.
Are you advocating security though obscurity where the safety of the democratic process depends on a small group of people we trust not to abuse their position? I'd much rather have a verifiable solution.

I say someo

Re:

[seanadams.com]

Aren't you glad it is public knowledge now how rediculously insecure those machines are?

Of course I am! What on earth gave you the idea that I was complaining about the machines being proven insecure? The point is that whereas before, one might have tried to dismiss hackability of the machiens as speculation, now there is no excuse for _anyone_ to allow them to be used. Perhaps the tone of my comment was lost on you?

Re:

[cpeikert]

And please, can we quit calling them "computer security researchers"?

We can't in this case because these people really are computer security researchers. They are top academics from strong institutions.

Re:

[CastrTroy]

My favourite is when they started calling motherboards, mainboards.

Ooh, Shiney!

[pipingguy]

If voting is the core of a democracy then the transparency of the process MUST be paramount. Chuck out the whole concept of voting if average citizens have to understand and correctly interpret the latest whiz-bang technology.

Re:

[fl!ptop]

Chuck out the whole concept of voting if average citizens have to understand and correctly interpret the latest whiz-bang technology

i'm not sure the average citizens need to understand more than 'press here for candidate a', 'press here for candidate b' (obvious side-discussion regarding knowledge empowering voters to select better candidates avoided here), but those who make decisions about what procedures and machines are used to ensure the votes are tallied fairly have to consider it. poll workers ar

Re:

[Alien Being]

"...but those who make decisions about what procedures and machines are used to ensure the votes are tallied fairly have to consider it"

But how will we choose the people to make those decisions? How will we know that we really had freedom of choice?

Re:Ooh, Shiney!

[rbarreira]

Winston Churchill has the solution:

The best argument against democracy is a five minute conversation with the average voter. -- Winston Churchill.

Re:

[zippthorne]

It is true that Churchill was not fond of Democracy. But, to be fair, he hated it slightly less than all other forms of government.

Re:

[Kjella]

Look, throughout history we've tried many different forms of government and I think you can safely say that a government seeks to please only those who elects it, and if there's noone to elect it then itself. Those that are the first and loudest to take away the power of the common man, are the least worthy to keep it. So if the problem is that the right people aren't being put in power, it will only make things worse not better. If you want a government for the people, you need a government elected by the

Re:

[rbarreira]

I was expecting to be modded funny or not at all, not to be modded insightful! Scary... :S

Re:

[JesseMcDonald]

Did he not also say something to the effect of 'Democracy is the worst form of government, except for all the others'?

Yes, which leads us directly to the obvious solution: no government at all.

Re:

[JesseMcDonald]

The bottom line is that it will all trickle down to collective action of one sort or another: either there is a government that has been chosen by the masses, or what that has been imposed upon them by an individual or group with the means to do so. No government at all is an obvious impossibility.

There's no point in addressing the rest of the post, since the whole thing was just a series of unfounded assertions and this sums them all up nicely.

The difference between the two options you give here -- e

Re:

[SCHecklerX]

That's exactly the problem that I have with electronic voting. Sure, you or I may be able to comfortably 'certify' an electronic process, but what about those not in the field? And make no mistake, the entire *PROCESS* is also important, not just the way the votes are cast.

Citizens should feel confident that they know what is going on when tney 'pull the lever' If they do not, then the voting method is flawed.

With paper, there's less chance for confusion if the ballots and method to cast the vote are des

What's wrong with paper?

[fastest fascist]

Considering how strong the push for voting machines is, you'd think there's something terribly wrong with paper ballots. What is it? To me, they seem to work fine, and knowing the system for counting the votes doesn't let you compromise the impartiality of the system. What benefit do these voting machines offer that justifies the risks?

Re:

[Baricom]

Paper is too slow.

That's no justification in the real world, but unfortunately that is a perfectly logical reason to move to electronic balloting for most people.

Re:What's wrong with paper?

[Elemenope]

The problem with paper is...it's slow. Don't get me wrong, I don't see that as a problem; I am of the school of thought that it is no disadvantage to take a week or so to count ballots by hand. However, the public has an expectation (cultivated as it has been by TV media, mostly) that elections are to be decided ASAP. I don't know how to ween folks off of such an expectation, esp. since there is a profit motive in minute-by-minute coverage. It is hard in the Internet age to get people to understand why everything can't be as fast as a Google search.

I'm not crazy about exit polls, either, though if done accurately enough (i.e. large enough sample sizes, unbiased methodology) should be able to provide a good indication of results quickly even with a paper ballot system.

I'm completely spitballing here, but I imagine that psychologically the image of a computer as the instrument of an election is more reassuring to people (who, by and large, use computers for many routine tasks) than paper, which conjures notions of impermanence and fragility and a history of "stuffed ballot boxes" and other shenanigans; while computers in reality may be more vulnerable to such shenanigans, they do not as easily lend to such an image, and so combined with their inner mysterious mechanics, they are more easily trusted. People, scarred by the disintegrating trustworthiness of their government, desperately want some part of the political process to place their faith in.

Re:

[fastest fascist]

Hm, well, to do the old "over-here-they-do-it-better", over here ballots are counted manually, and the results after a nationwide vote are available withing a few hours of the closing of polls. While I live in a much smalled country than the USA is, I don't think the percentage of people who vote is any higher over there, and thus the amount of vote counters required per capita shouldn't be, either. If it takes weeks, hire more people, or perhaps people who can count, if that is the problem.

Re:

[Zironic]

Here in Sweden we just divide all voters up into groups of around 1000 people each, all of these go to the same place to vote and around 5 people count all the votes. All votes are counted around 8 hours after closing. If it takes you weeks to count the votes you're doing something seriously wrong.

Our voting ballots are rather simple. There is a different color for each party and each party has a list of candidates. You just mark the candidate you vote for or no mark for the default candidate (1). The vote

Re:

[Splab]

Same here in Denmark. The problem in the states is first of all that the news agencies has the attention span of a confused kitten (and same goes for a lot of the American people (no offense)), so they need the result fast so they can get back to fighting terrorism and screwing up the environment. The other part of the problem is that unlike us they tend to vote for a lot of stuff at the same time, so the ballots gets confusing and apparently they seem to think that using electronic voting machines help the

Re:

[Elemenope]

One salient difference is that here in the US ballots tend not to be simple; we have elections for local, state, and national offices on the same ballot, plus local and state ballot inquiries and referendum questions in many localities. So I don't think it is quite as easy to tabulate as the Swedish ballot you describe. However, even if our ballot wouldn't take hours to tabulate, I can't imagine it would take more than a day or two.

Re:

[Zironic]

We actually have the same thing.

One vote for the local (Komun)
Then one for the regional (Län)
Then lastly for the country (Stat)

Also we sometimes add a fourth for a local issue.

Still only takes hours to figure out what party won and then a few days to calculate what candidates got seats.

Re:

[Elemenope]

Ahh. Party discipline and party loyalty are quite weak in the US compared to most parliamentary democracies. This is due in great part to the fact that in the US, we don't have party slate elections. The shortcuts that that would allow via counting are thus not available to us. As such, our time-table would probably be closer to the few days than the few hours. Either way, I don't see the big deal in waiting.

Re:

[Zironic]

What's the point in having candidate based election instead of party based when there is only one candidate per party that has a chance to win?

Re:

[hobbesmaster]

Perhaps in the final election. But, then again, the "final" presidential election is basically a run off. There are currently more than 20 people running for president - that'll be cut down to maybe 5 contenders after the first primary, and then slowly dwindled down to two "serious" candidates (one from each party).

Local elections are crazier. Imagine having all 20 of those people on one ballot, and 5 of them being serious contenders (this isn't too crazy for mayor's race, maybe the numbers a touch high,

Re:

[zotz]

Put the presidential and congressional races on one ballot, the rest on another if you like.

You could even have, national, state, local, and special ballots.

Count national first.

What is the maximum number of choices you guys need to make for a national election with no special votes?

all the best,

drew

Re:

[Elemenope]

A decent idea. At most three offices are up for national election in any given district (with extremely rare exceptions where some states have at-large house representatives), President/Vice-President (elected on a unified ticket), one Senator (66% chance), and one House Rep.

Re:

[Lally Singh]

Frankly, it's like any other technological solution.

Right now, it's riddled with more trouble than it's worth. It'll have lots of public failures. But, each failure will lead to an improvement, and eventually it's pretty decent.

The problem most have with electronic ballots is the threat of indetectable corruption. But how much corruption do we have in paper ballot systems? Considering the cost of the counting process, we can't really use the paper trail very often. Instead

Re:

[NoOneInParticular]

One approach is to externally verify what you've voted for without being able to prove it. That should be enough, because when enough people raise their voice about being improperly counted, something is bound to happen. One of the approaches is called three ballot voting [mit.edu] (pdf). It's a bit convoluted, but it seems to work.

Re:

[nicklott]

In a UK general election all votes are paper and counted by hand and unless there's a recount the results are are always available within 12 hours (and normally much quicker). ie polling closes at 10pm and when you wake up the next day the results are known. I can't see any reason to need the results quicker than that.

If it takes a week they need to either employ more counters (they're unpaid volunteers in the UK AFAIK) or re-examine their methods.

Re:

[bmo]

"The problem with paper is...it's slow"

Substituting efficiency accuracy and security solves _no_ problems when it comes to democracy.

Instead, it creates problems.

Besides, what the fuck is wrong with scantron style sheets?

--
BMO

Re:

[CastrTroy]

Do you know what's slow? Waiting in line for 5 hours to vote because they don't have enough machines because you happen to live in a poor neighbourhood. That's slow. I live in Canada, and I've never had to wait more than 5 minutes to vote. Last time I voted, I think I just walked right in and voted, there was no line. That's because we use paper. Even the booths are just cardboard barriers that just sit there on a table. Can't beat the cost of that. We also have the result by the end of the night. Ac

Re:

[meringuoid]

Waiting in line for 5 hours to vote because they don't have enough machines because you happen to live in a poor neighbourhood.

Would that be because poor neighbourhoods contain a lot of people likely to vote for parties of the revolutionary Left, by any chance?

Re:

[DragonWriter]

The problem with paper is...it's slow. Don't get me wrong, I don't see that as a problem; I am of the school of thought that it is no disadvantage to take a week or so to count ballots by hand.

That's not a disadvantage of paper ballots, its a disadvantage of doing a full hand count rather than a mechanical count with random-sample manual audit. Many jurisdictions that currently use manual or mechanical (that is, not electronic) "paper ballot" systems are already using ballot counting machines, with or witho

Re:

[Rich0]

I didn't notice this in the replies to this post, but there is a big problem with paper that has nothing to do with convenience/speed of counting votes - validation of votes.

A computer program can present a GUI that forces all ballots to be valid. Votes are binary yes/no and clearly indicated. Voting for a second candidate for the same office unselects the first candidate or gives a nasty error message. The resulting ballot (whether digital or paper) can potentially be unambiguously and accurately counte

Re:

[Frozen Void]

Why not implement decentralized counting,which would decide the result at the place and send them to central office?

Re:

[fl!ptop]

What benefit do these voting machines offer that justifies the risks?

the push (in the u.s.) for electronic voting machines seems to have been made after the 2000 election recount fiasco. need i mention the words, "hanging chad?" i don't think you can have one of those with an electronic machine. besides, paper ballots are easy to invalidate. remember the pictures on the news of people holding them up to the light, and others handling stacks of paper ballots? one small wire shoved through a stack lik

Re:

[fastest fascist]

I don't remember, actually, since I'm not a US resident. Over here, the ballots are simpler: There's a circle and you write the number of your candidate in it. Then the votes are counted manually.

Re:

[rbarreira]

Bullshit. There are already solutions to those problems you mentioned about paper ballots. Recounting, safes, locks, policemen, parties having representatives at each voting booth and who are present at the counting process.

With software, you're relying on things which:

a) are not known by many people - computer security is a very non-mainstream subject and will likely remain so for many many years
b) are easy to change without a trace
c) you need to trust the machines about. You can't change reality as easily

Re:What's wrong with paper?

[TapeCutter]

"with a computer, there is no doubt, it's either a 0 or a 1." - Maybe I'm feeding a troll but here goes anyway...

Speaking as degree qualified programmer with 20yrs experience, I don't trust the machines and TFA clearly demonstrates why.

My number one reason for distrusting computerised systems is that they enable "wholesale fraud" with a single point attack, it might be "unlikely" but it is a technical possibility that the result of the whole election could be predetermined and the "race fix" can be implemented by one person sitting at a desk. Worse still it's a technical possibility that a "fix" can be done in such a way that it is undetectable after the fact.

Contrast that risk with old-fashioned paper and international observers. With that system the best a cheat can hope for is "retail fraud" - some stuffed boxes over here, the senator's hound dogs voting over there, ect. Fraud and corruption are a fact of life, nowhere on the planet can they be totally eliminated from such high stakes "games" as national elections.

The traditional paper system with it's well-known and thouroughly tested procedures minimizes the risk of a "fixed race" simply because of the fact that it is much more difficult and requires a hell of a lot more people to get away with "wholesale fraud". Speed is not a big issue since there are plenty of counters in the form of eager voulenteers from the various parties. And it's crucial to security that you pair off "opposing counters" since they also embody the imporatnt "checks and balances" of watching each other like hawks and arguing so loudly about something as mundane as "hanging chads" that even I remeber it and I live 10,000 miles away!

Re:

[TapeCutter]

Good points, I was a bit vaugue about automatic counting in my post and it pays to be explicit about these things.

"I've been an election integrity activists for about 2 years now."

My interest came about from the diebold machines a few years ago, I wouldn't call myself an activist but I usually put my $0.02 in on the many /. discussions. The electorol commision here in Australia was investigating the plausability of using diebold systems over here. The investigation IMHO was an "honest assesment" that

Re:

[pjt33]

That's not a problem with paper voting per se, but with the implementation of it adopted by some (all?) U.S. states. What was the problem with paper-and-pencil voting which punch machines were supposed to fix?

Re:

[Neuronwelder]

Amen! Today you can walk into any bank and see we have automated money counters that can count money quickly. Why not the same for the paper on voting machines?? Some bright Engineer could do this. Sigh.. Good friendly practical Engineering seems to be dead these days.

Paper ballots are even MORE insecure...

[hummassa]

Paper ballots are falsifiable. You can easily stuff/switch paper ballots. The security in an election process, electronic or otherwise, is in the process itself. If the machines are tested, and their state is always checked by parties' officials before the election begins, they are as safe as paper ballots that are sealed by said parties' officials -- with the advantage that you know the results quicker, with less opportunity to magic tricks. Of course it helps having more than one (or two) parties. Oh, and

Re:

[symbolic]

I heard it was something about some dude named Chad that liked hanging around during the election, making it difficult to determine what people were voting for. This guy's kind of strange, too- rumor has it that he occasionally gets pregnant from voting machines that malfunction. I'm guessing that the move to e-voting will give this guy a much-needed break.

Re:

[DragonWriter]

Considering how strong the push for voting machines is, you'd think there's something terribly wrong with paper ballots. What is it?

Almost every form of manually and non-electronic mechanically-marked paper ballots has some type of accessibility problem with regard to the handicapped, and many of the ones commonly used until recently also have problems in terms of reading them (i.e., the "hanging chad" problem of punch card ballots). Machines with a common output (whether its digital or printed ballots that

Voting machines

[saibot834]

"Voting machines are the non-solution of a non-existing problem" (not my quote, I heard it somewhere).

The quote is completely right.
a) What is wrong with pen&paper voting?
b) Voting machines do not solve any problems: If we say for example a) was about the money: Voting machines cost all-in-all more money than pen&paper voting.

Not true!

[rbarreira]

That's not true! Voting machines are the solution to the existing problem of "how to make sure one is elected".

Re:

[Volante3192]

Electronic voting machines have their purpose but it shouldn't be to replace the pen & paper style, but rather to suppliment it. Perks of an electronic voting machine are to ensure privacy for voters who would prefer different languages or blind/disabled.

Sure, one can argue you can print out however many ballots you need in however many languages, but it's hard to judge how many you'll need, plus I wouldn't rely on having a translator available. With a voting machine, it's a simple matter of changing

Re:

[rbarreira]

Voting machines are being deployed to solve two problems, fast tallying [...]

I really don't understand what fast tallying problem exists. In my country (Portugal), votes are counted by hand and the results come out the same day. Counting votes scales linearly with population size so all you need is the same percentage of people counting votes, is it that hard or slow?

Re:

[gnasher719]

One of the three RSA guys (can't remember which one) came up with a system that is very hard to break: First, instead of giving 1 vote to the person you want and 0 to the others, you give 2 votes to the one you want elected and 1 to everyone else. A voting machine enforces this, so if we count all votes, then subtract the number of voters from each count, we get the real count.

You put your votes on three voting strips. On each voting strip you can have one vote for each candidate (but each candidate must ha

Re:

[NoOneInParticular]

And then your boss tells you to vote for egger while using key 8854. If this combination isn't found on the table, you're fired.

Who needs to crack the system?

[ThePromenader]

...it's more that likely those most interested in tweaking the system have already got the keys.

Link to SOS Site

[jellie]

I'm surprised there's no link to Secretary of State Debra Bowen's site that includes all the analyses, CVs/resumes, and all other documentation regarding the top-to-bottom review:
http://www.sos.ca.gov/elections/elections_vsr.htm [ca.gov]

The overview by Matt Bishop is actually quite an interesting read. In it, he says that they could have found more problems with the three systems, but they were limited by time:

The short time allocated to this study has several implications. The key one is that the results presented in this study should be seen as a "lower bound"; all team members felt that they lacked sufficient time to conduct a thorough examination, and consequently may have missed other serious vulnerabilities.

In addition, he also cites the lack of proper information from the vendors as another problem.

It should also be noted that a fourth vendor, Election Systems and Software (ES&S) missed the deadline for submitting their systems for the review. I'll be cynical and just assume that they decided to skip the initial review than to have a bunch of computer researchers hack their systems.

Real Test is the Presidential Election

[BillGatesLoveChild]

They already used the census to make Jedi an official religion. Now add seriously insecure electronic voting machines, and we could wake up and find geeks have made George Lucas the next President. But I for one would welcome our new overlord. I'd like to see how a new Secretary of State Jar Jar Binks handles Iraq.

Re:

[ikkonoishi]

But then we would have to issue all the marines radios and invisible guns. Plus all military vehicles would explode violently when hit by small arms fire.

Hmm...

[jez9999]

The tests were ordered by Secretary of State Debra Bowen, who has until Friday of next week to decide whether to decertify any of the machines for use in the upcoming Presidential primary election."

Looks like she won't need to decertify any, then. They'll all be able to deliver the Republicans the next election. :-P

Re:

[DragonWriter]

The tests were ordered by Secretary of State Debra Bowen, who has until Friday of next week to decide whether to decertify any of the machines for use in the upcoming Presidential primary election."

Looks like she won't need to decertify any, then. They'll all be able to deliver the Republicans the next election. :-P

That line would work better if Debra Bowen [smartvoter.org] was a Republican.

Security is tough.

[fishthegeek]

The only secure machine is one that is OFF. If it isn't off then I'm always going to bet on the hacker. IANAP, but I feel very sorry for the challenges that programmers face. They have to review and analyze code for bugs, flaws, and features, they have bosses that demand profit and features. Those 1337 boys only need to find one flaw, the programmers have to find and fix all of them. I'm not surprised at all that all of the machines were cracked, given a high enough profile, the right conditions, and a motivated h4x0r any system is vulnerable.

Re:

[Umuri]

Mod parent up.

I'm all for pointing out how insecure a machine is for voting, and that nothing was wrong with the old paper system, but he's really hit the nail on the head on how much we shouldn't really worry about this without more specifics.

Are they vulnerable only to someone who is there at the time of the vote toying with the machine?
Or is this something that can be triggered remotely or set up on time-delay.
Is it something that is easily detectable if we have people watching over the machines/running

Move your ass guys

[rbarreira]

Hey, do something for your country and humanity, send letters to your representatives or whatever you can do to stop this electronic voting madness. Posting on slashdot won't do much.

How did the election Official get his job?

[chris_sawtell]

From the article:-

Letting the hackers have the source codes, operating manuals and unlimited access to the voting machines "is like giving a burglar the keys to your house,'' said Steve Weir, clerk-recorder of Contra Costa County and head of the state Association of Clerks and Election Officials.

This is simply not true! The analogue in the real world of locks and keys is that you have given a burgler the design blueprints of the lock. NOT the code combination or the key lever settimgs. The demonstrated ignorance of the said Steve Weir about secure computing begs the question "How did he get appointed to his positions?"

Re:

[JamesRose]

It'll be a bit of a surprise to him the resutls then, he think he gave you the front door keys, and you just walked in a back door he didn't even know he had and tapped him on the shoulder.

Re:

[martyb]

From the article:-

Letting the hackers have the source codes, operating manuals and unlimited access to the voting machines "is like giving a burglar the keys to your house,'' said Steve Weir, clerk-recorder of Contra Costa County and head of the state Association of Clerks and Election Officials.

This is simply not true! The analogue in the real world of locks and keys is that you have given a burgler the design blueprints of the lock. NOT the code combination or the key lever settimgs. The demonstrated ignorance of the said Steve Weir about secure computing begs the question "How did he get appointed to his positions?"

This is directly responded to in the Overview of Red Team Reports [ca.gov] in section 3.1 (page 5): (NB: emphasis added.)

Finally, no security should ever rely solely on secrecy of defensive mechanisms and countermeasures. [2] While not publishing details of security mechanisms is perfectly acceptable as one security mechanism, it is perhaps the one most easily breached, especially in this age of widespread information dissemination. Worse, it provides a false sense of security. Dumpster diving, corporate espionage, outright bribery, and other techniques can discover secrets that companies and organizations wish to keep hidden; indeed, in many cases, organizations are unaware of their own leaking of information. A perhaps classic example occurred when lawyers for the DVD Copyright Control Association sued to prevent the release of code that would decipher any DVD movie file. They filed a declaration containing the source code of the algorithm. One day later, they asked the court to seal the declaration from public view--but the declaration had been posted to several Internet web sites, including one that had over 21,000 downloads of the declaration! [9] More recently, Fox News reported that information posing "a direct threat to U.S. troops ... was posted carelessly to file servers by government agencies and contractors, accessible to anyone online" [8], and thefts of credit card numbers and identities are reported weekly and growing in number. Thus, the statement that attackers could not replicate what red team testers do, because the red team testers have access to information that other attackers would not have, profoundly underestimates the ability and the knowledge of attackers, and profoundly overestimates the infallibility of organizations and human nature.

[2] This is often called "security through obscurity".

Re:

[starfishsystems]

This jumped out at me too.

It's outrageous for a person in his position to misstate such an elementary security principle. Fine, if he doesn't know about security then he can just keep modestly quiet. The creepy thing is that he pretends to know. We could use a lot less of that.

Re:

[VENONA]

Not creepy at all, and he may not be pretending to anything. It's more likely that he doesn't know that he doesn't know. Post 20026461 below gives a link showing this is an elected position. So what we have is a guy that knows how to win elections. For all I know, he's a solid, honest citizen, with a heart of gold, that every woman wants to take home to meet Mom.

That doesn't mean that he realized anything about the complexity of system security when he ran, and certainly doesn't mean that the general popul

Re:

[DragonWriter]

How did he get appointed to his positions?

The office of Clerk-Recorder in Contra Costa County is an elected county office [cocovote.us].

A shocking discovery!

[abigsmurf]

Security researchers discovered a shocking flaw in the paper ballot system, they found that there were a number of flaws including one that said they could discount any number of votes just by saying the ballots were spoiled when counting! They also discovered that it was possible that overseas soldiers could send in multiple votes and have them counted!

Jeb Bush discounted these flaws as unmerited after he was seen at the security conference this was revealed taking notes.

Joking aside I have to wonder about

Re:

[Ambiguous Puzuma]

And if the seal is tampered with, what then? It seems like an easy way to quickly invalidate a whole bunch of votes in districts that are likely to favor your opponent.

Re:

[abigsmurf]

you ensure that it's not possible for the general public to break the seal (store the computer in a metal box) so that there's only a very narrow range of people who could possibly do the tampering meaning a conviction would be very easy and discourage tampering from taking place.

There's nothing to stop someone pouring a bottle of water in ballot boxes with paper ballots and invalidating a poll but this doesn't happen because it would result in a conviction

Presidential fund raising and voting machines

[dattaway]

I was looking at Diebold's present and past leadership, donations, and the paybacks they got. It looks like the Skull and Bones membership roster at Yale where Bush went:

Louis V. Bockius III, Christopher M. Connor, Richard L. Crandall, Eric C. Evans, Gale S. Fitzgerald, Phillip B. Lassiter, John N. Lauer, William F. Massy, Walden W. O'Dell, Eric J. Roorda, W. R. Timken, Jr. and Henry D. G. Wallace

Perhaps these voting machines were simply portfolio builders for the wealthy elite.

Priority straightening

[linuxwrangler]

Somebody needs to take a cluestick to the heads of a whole bunch of county election officials. They are "concerned" about this report. Because it goes to the heart of the legitimacy of our election system??? NO! Last thing on their minds. They are worried that having to switch to a proven reliable and secure system would inconvenience them. The lot of them ought to be tossed out on their ears.

How would you do it?

[elFarto the 2nd]

Ok Slashdot people, How would YOU implement electronic voting?

Regards
elFarto

Re:

[sconeu]

I wouldn't.

If I *had* to, I'd have the computer be the means of *printing* a ballot only. It wouldn't tabulate.

It would then print a ballot that was both human and machine readable (OCR font anyone?).

That ballot would be placed in a box, and counted.

Re:

[Dolly_Llama]

I don't see why electronic machines can't be used. They have all the advantages of being flexible to things like late changes to the ballot, accessibility for other languages, the blind, etc.

But why does the electronic record have to be *the* vote? The voter can do his thing on a touchscreen, hit submit ballot, then a human and machine readable ballot is printed and deposited by the voter in a locked ballot box. The printed ballot is *the* vote. A preliminary count can be made within minutes of the poll

Re:

[DragonWriter]

Ok Slashdot people, How would YOU implement electronic voting?

If you need electronic ballot creation and automatic ballot counting (the two are both conceptually and often in practice separate, though "voting machine" and "electronic voting" are often used to refer to either or both), I'd have the voting machine print a machine and human readable ballot that would then be counted by a separate machine, with random-sample confirmation of the mechanical counts and the physical ballots available for public ins

Why even have electronic/computer voting?

[Skapare]

Paper ballots do have their problems. People don't always mark them consistently. Sometimes they mark one candidate then try to rub it out and mark another. The paper ballot was hard to read by electronic means and manual counting was too time consuming to get the quick results most people wanted.

Punch cards that people have to do the punching on don't always get punched right (remember the hanging chad problem). Sometimes people start to punch one hole, and realize they are in the wrong hole or change their mind real fast and try to punch another instead. Sometimes 2 or more holes are punched. Sometimes holes are punched partially. In most cases people could check, but they don't, or don't really know they should.

Computer voting was intended to eliminate these things. But that's its fundamental misguidance. Instead, it should be used to enhance them and correct the issues.

Voting station computers should do nothing more than assist a voter in creating a reliably readable paper ballot. The voting station should not be networked, and not even have any storage space. It would be an embedded machine booted from flash that is hardware wired to be unwritable, or booted from a CDROM or equivalent. It should boot very fast (embedded developers know how to do this and bring a minimal system and application up in a second). It should be rebooted between each voter.

The voting station would have a simple single sheet printer and an LCD flat screen with touch sensors. The voter would "touch" their votes and always have the ability to go back, or even jump around randomly to various offices/issues to vote on. Once done, the voter can press the "I am finally done" button to print the choices on paper.

What is printed on the paper is a combination of scannable text and bar codes with strong checksums (SHA1). The text shall be human readable (although in big elections some people might need optical reading assistance). Visually impaired people can ask for a poll worker to read back their ballot to them.

The next step is the paper ballot is taking to the reading station. The ballot is read in by another computer with a scanner. This computer scans the text and reduces it to a set of simple vote codes. These vote codes are checksummed and that is compared against the bar codes. If there is a mismatch, probably a scanner error took place, or the ballot was damaged or smudged. It flashes and beeps a warning the the ballot is not readable. This may require the voter to re-do another ballot (this one is marked as bad and the voter is given another sheet and front-of-line access to a voting station).

The scanner keeps tallies and may send results to a central office. Larger voting places may have more than one scanner and tallies will be done by a central computer. The paper ballot is then inserted UNFOLDED into a locked box.

The voter gets a receipt for having voted, but does NOT get a copy of what votes they made. If they want to remember their own votes, they must make their own notes themselves. The reason for this is that no voter should have any official statement of who they voted for to ensure no voter can "prove" to someone else who they voted for. This has been a long time standard to impede vote buying/selling, and should not change.

The computers that tally the votes could give nearly instant 100% results shortly after polls close. But that's not the end of it. Those results are not certified. The voting officials will, in the next few days, monitor the process if re-scanning all the paper ballots to ensure the results are consistent. If they are satisfied of this, then they certify the election results. If there are any issues, then the paper ballots can be manually checked.

This process is still paper based, and still just as auditable and recountable as any paper based system. It gains the avantages of consistency in the marking of ballots. Instead of being hand marked, they are "computer marked" (in a way that humans c

Re:

[hacker]

The next step is the paper ballot is taking to the reading station. The ballot is read in by another computer with a scanner. This computer scans the text and reduces it to a set of simple vote codes. These vote codes are checksummed and that is compared against the bar codes.

What happens when the barcode incorporates a boolean value which says "When this vote is confirmed, display the user's vote to the user, and record the opposite vote electronically"?

# You voted for the "rigged" candidate, pre-cho

Re:

[Skapare]

There is a level of trust you have to have in the system. If the voting officials are all determined to see candidate X win, and are willing to violate the public trust to do so, then candidate X will "win".

But at least there is the opportunity for a paper ballot to be available for rescanning with better software, or human vision in a recount. It's better than just hiding everything inside some proprietary system.

How come they never test hacking the old system?

[ZoneGray]

Not to stick up for machine voting, or the older alternatives. But I've never seen anybody run a test against the established voting systems, and the supporting systems by which humans handle the votes. The voter registration system is so open to manipulation that it's basically meaningless.

I hate to go out on a limb here, but my guess is that the entire election system is incredibly insecure, and that there has been vote fraud going on for decades. New voting machines won't make it any better or any wor

Unintended consequences

[John Jorsett]

Interesting what you get when you attempt to make a system foolproof. All this came about because one state didn't have effective rules on what amounted to a 'vote' in a close election, and because somebody couldn't figure out how to lay out a ballot so a bunch of retirees wouldn't end up voting for the wrong candidate. Now in the quest for perfection, we're getting a system that's even more vulnerable to manipulation and failure. I said at the time that we should just go back to the "blacken a dot" type ba

Re:

[808140]

I only looked at it for a second, but it seems to me as though it's a simple buffer overrun. See how char LogMesg[11] is allocated right after the various tallies? The stack grows downward, so an overwrite on LogMesg would possibly write directly into those tallies. And indeed, looking at what gets written into LogMesg, it is significantly longer than 11 bytes. My guess (without doing an in-depth analysis) is that it doesn't work on Nov 2 because "second" is one byte longer than "first" and "third", and