1-9-08: New England voting machine firm has executive criminal record (http://www.blackboxvoting.org/)

"They program every single voting machine in New Hampshire, Connecticut, almost all of Massachusetts, Vermont, and Maine. But did state officials in five New England states ever do a criminal background check on this company's executives? Do the laws of these five states even ALLOW them to hire convicted criminals for services paid for by the state? What about over 500 local towns and municipalities?"

I don't see why paper ballots are not mandatory in every state?

I think I now know why McCain was the "winner."

I would ask, "How long will the American electorate put up with this?", but I know that the answer is, 28 years and counting.

Truther Ronettes are turning up like termites on a warm spring day in the Paul campaign. Not only did they run short of ballots in NH they ran short of tin foil hats.

Just bumping an important topic so the link-bot's (with the unsophisticated OS) call doesn't scare people away)

If you're interested in this and haven't read this analysis (http://avirubin.com/vote.pdf) you might want to give it a look. It's about a different machine but it gives you a good idea of how Diebold did things!

No one is going to be happy with those damn electronic gizmos, so why don't we just take a voice vote instead? The most qualified vote counters will be hams who have worked plenty of pile-ups. http://www.qrz.com/iB_html/non-cgi/emoticons/smile.gif

Quote[/b] (N3RQ @ Jan. 09 2008,22:32)]1-9-08: New England voting machine firm has executive criminal record (http://www.blackboxvoting.org/)

"They program every single voting machine in New Hampshire, Connecticut, almost all of Massachusetts, Vermont, and Maine. But did state officials in five New England states ever do a criminal background check on this company's executives? Do the laws of these five states even ALLOW them to hire convicted criminals for services paid for by the state? What about over 500 local towns and municipalities?"
Out of curiousity:

Where do you see "Diebold" mentioned in the article that you quoted?

It is time to get away from black boxes, and use the plain beige boxes again.

Black is for helicopters. (http://www.hackingdemocracy.com/)

Quote[/b] (KG4JYD @ Jan. 10 2008,00:40)]I don't see why paper ballots are not mandatory in every state?
Because some blue hairs in Florida have proven themselves incapable of voting correctly for the last 10 years.

The looney left demanded changes be made after the 2000 election. They were made. The looney left demanded more changes be made after the 2004 election. Notice, they lost both of those.

Now we have an elctronic based system that's pretty much idiot proof and the looney left are being forced to face the fact that it's not the system against them, it's the people. It's called denial. "This can't possibly be, those electronic based machines must have been hacked or programmed by republicans". Do you people realize how stupid that sounds? Get out the tin foil the helicopters are coming.

Ever wonder why the democrats won't support any form of verifiable voter ID but are all in favor of assinine ideas like motor-voter, registering to vote without ID, and actually voting without having to provide ID?

It's to their advantage plain and simple.
The libby's on here need to just shut up about questionable elections. You're part of the problem.

We had this come up awhile back as well.

I have nothing wrong with ELECTRONIC voting - but not black box voting - and there is a huge difference.

Black box voting hides behind various laws of corporate secrets to hide how votes are tallied, stored, distributed, machines connected, etc.

I would actually prefer electronic voting if........

The boxes had a good amount of physical security

The software was peer reviewed, hell, even open source. If it's not connected to a network, and you can't access the machine from the front console (the spot where you actually enter your vote) then I have no problems with open source software (I can hear the screams now).

I would also want to see 2 paper trails in addition to the data being recorded. 1 goes on a spool inside the machien (like an ATM) and one gives the voter a hard copy that they can read to verify their vote. The second one could avoid the whole Florida fiasco.

Electronic voting can be done and with much more accuracy and efficiency - but the model chosen with Diebold is just plane wrong.

Jonathan

Quote[/b] (al2i @ Jan. 10 2008,07:49)]It is time to get away from black boxes, and use the plain beige boxes again.

Black is for helicopters. (http://www.hackingdemocracy.com/)
Yup back to the past... where men were men and goils were goils. Mister we could use a man like Hoibert Hoova a...gain...
http://www.qrz.com/iB_html/non-cgi/emoticons/laugh.gif

Quote[/b] (KB1KIX @ Jan. 10 2008,08:21)]Electronic voting can be done and with much more accuracy and efficiency - but the model chosen with Diebold is just plane wrong.
Give us your "expert" opinion on the matter, please...and share with us the details of a system that you consider to be 'right'.

(You are in fact an embedded systems designer and/or software engineer by trade - correct?)

On edit: I see three potential security flaws with your "proposal" above; two being ripe for exploitation. You DID think the ramifications of your 'model' through before you made that post...right?

Quote[/b] (n8yx @ Jan. 10 2008,07:29)]Quote[/b] (N3RQ @ Jan. 09 2008,22:32)]1-9-08: New England voting machine firm has executive criminal record (http://www.blackboxvoting.org/)

"They program every single voting machine in New Hampshire, Connecticut, almost all of Massachusetts, Vermont, and Maine. But did state officials in five New England states ever do a criminal background check on this company's executives? Do the laws of these five states even ALLOW them to hire convicted criminals for services paid for by the state? What about over 500 local towns and municipalities?"
Out of curiousity:

Where do you see "Diebold" mentioned in the article that you quoted?
Guilt by association.

-The Diebold machines were shown by many independant hackers to be absurdly easy to hack with a virus that could ultimately infect the final counting computers. #
-Several key states that used these machines also had significant discrepancies between the vote count and the exit poll results. #
-These were the first major discrepancies between vote count and exit poll results this country has ever had.
-Further, virtually all of these discrepanices were in favor of bush over Kerry. #
-In response to this the Republican National Committee Chairman, Ed Gillespie, suggested that we just eliminate exit polling as being inaccurate. #
-Exit polling is the international gold standard for detecting vote fraud, and has never experienced inaccuracies on this scale ever in this country (or anywhere else except in cases of rigged elections).
-The Secretaries of State in two of the key states, Ohio and Florida, who were charged with the responsibility of running the election and tabulating the results, were both also part of the bush reelection committees.

These are all verifiable facts. #Please draw your own conclusions.

-gary

Quote[/b] (KA8DKT @ Jan. 10 2008,08:51)]Quote[/b] (n8yx @ Jan. 10 2008,07:29)]Quote[/b] (N3RQ @ Jan. 09 2008,22:32)]1-9-08: New England voting machine firm has executive criminal record (http://www.blackboxvoting.org/)

"They program every single voting machine in New Hampshire, Connecticut, almost all of Massachusetts, Vermont, and Maine. But did state officials in five New England states ever do a criminal background check on this company's executives? Do the laws of these five states even ALLOW them to hire convicted criminals for services paid for by the state? What about over 500 local towns and municipalities?"
Out of curiousity:

Where do you see "Diebold" mentioned in the article that you quoted?
Guilt by association.

-The Diebold machines were shown by many independant hackers to be absurdly easy to hack with a virus that could ultimately infect the final counting computers.
-Several key states that used these machines also had significant discrepancies between the vote count and the exit poll results.
-These were the first major discrepancies between vote count and exit poll results this country has ever had.
-Further, virtually all of these discrepanices were in favor of bush over Kerry.
-In response to this the Republican National Committee Chairman, Ed Gillespie, suggested that we just eliminate exit polling as being inaccurate.
-Exit polling is the international gold standard for detecting vote fraud, and has never experienced inaccuracies on this scale ever in this country (or anywhere else except in cases of rigged elections).
-The Secretaries of State in two of the key states, Ohio and Florida, who were charged with the responsibility of running the election and tabulating the results, were both also part of the bush reelection committees.

These are all verifiable facts. Please draw your own conclusions.

-gary
The article does not specifically name the company. It only cites the actions of individuals.

Quote[/b] ]Guilt by association.

Which - in the context of the material quoted - will never stand up in a court of law...and we both know that, correct?

And by the way: For those of us who are 'ignorant' or 'uninformed' about such things, would you care to post some links to those "verifiable facts"?

Incidentally, '0H called this one accurately...

Quote[/b] (n8yx @ Jan. 10 2008,11:40)]Quote[/b] (KB1KIX @ Jan. 10 2008,08:21)]Electronic voting can be done and with much more accuracy and efficiency - but the model chosen with Diebold is just plane wrong.
Give us your "expert" opinion on the matter, please...and share with us the details of a system that you consider to be 'right'.

(You are in fact an embedded systems designer and/or software engineer by trade - correct?)

On edit: I see three potential security flaws with your "proposal" above; two being ripe for exploitation. You DID think the ramifications of your 'model' through before you made that post...right?
I thought this was a discussion board.

A contribution to the discussion would have been some suggestions as to perhaps closing the flaws you saw. Perhaps some further discussion of the the possible flaws of a number of systems and suggestions for improvement.

Instead, sir, you merely criticized without supporting evidence, perhaps attempting to imply that you know a lot about the subject. Well, that knowledge is useless unless it is shared.

-gary

No; this is a conspiracy-theory propagation platform.

Anyone stumbling upon the site would have guessed that by now...

Quote[/b] ]Instead, sir, you merely criticized without supporting evidence, perhaps attempting to imply that you know a lot about the subject.

Search this and other areas of the site for posts from me concerning my professional background. In short, a large part of my career has been spent in the software development and computer security disciplines.

So, yes, I "do" know what I'm talking about.

Quote[/b] (n8yx @ Jan. 09 2008,09:40)]Quote[/b] (KB1KIX @ Jan. 10 2008,08:21)]Electronic voting can be done and with much more accuracy and efficiency - but the model chosen with Diebold is just plane wrong.
Give us your "expert" opinion on the matter, please...and share with us the details of a system that you consider to be 'right'.

(You are in fact an embedded systems designer and/or software engineer by trade - correct?)

On edit: I see three potential security flaws with your "proposal" above; two being ripe for exploitation. You DID think the ramifications of your 'model' through before you made that post...right?
The general concensus in the industry is that the only model which has the capability to be secure is voter verified paper trail with separate tallying.

You proceed to box A which allows you to select your votes. This machine prints out a voter verifiable record which the voter then takes to box B which reads the ticket and tallies the votes. The paper record is NOT kept by the voter but is a part of the voting record.

The key components are separation of vote selection and vote counting and the paper trail which the voter can verify himself.

Note: I am not saying that such a system is implicitly secure.

Quote[/b] (ab8ro @ Jan. 10 2008,09:47)]Quote[/b] (n8yx @ Jan. 09 2008,09:40)]Quote[/b] (KB1KIX @ Jan. 10 2008,08:21)]Electronic voting can be done and with much more accuracy and efficiency - but the model chosen with Diebold is just plane wrong.
Give us your "expert" opinion on the matter, please...and share with us the details of a system that you consider to be 'right'.

(You are in fact an embedded systems designer and/or software engineer by trade - correct?)

On edit: I see three potential security flaws with your "proposal" above; two being ripe for exploitation. You DID think the ramifications of your 'model' through before you made that post...right?
The general concensus in the industry is that the only model which has the capability to be secure is voter verified paper trail with separate tallying.

You proceed to box A which allows you to select your votes. This machine prints out a voter verifiable record which the voter then takes to box B which reads the ticket and tallies the votes. The paper record is NOT kept by the voter but is a part of the voting record.

The key components are separation of vote selection and vote counting and the paper trail which the voter can verify himself.

Note: I am not saying that such a system is implicitly secure.
It's as secure as any human-escrowed system can be, but such a model will never be implemented as long as government is cost-conscious. That is, poll workers and their managers cost a lot more in salary than network cables, switches and whatnot do in a "linked" system...

Quote[/b] (n8yx @ Jan. 09 2008,10:51)]Quote[/b] (ab8ro @ Jan. 10 2008,09:47)]Quote[/b] (n8yx @ Jan. 09 2008,09:40)]Quote[/b] (KB1KIX @ Jan. 10 2008,08:21)]Electronic voting can be done and with much more accuracy and efficiency - but the model chosen with Diebold is just plane wrong.
Give us your "expert" opinion on the matter, please...and share with us the details of a system that you consider to be 'right'.

(You are in fact an embedded systems designer and/or software engineer by trade - correct?)

On edit: I see three potential security flaws with your "proposal" above; two being ripe for exploitation. You DID think the ramifications of your 'model' through before you made that post...right?
The general concensus in the industry is that the only model which has the capability to be secure is voter verified paper trail with separate tallying.

You proceed to box A which allows you to select your votes. This machine prints out a voter verifiable record which the voter then takes to box B which reads the ticket and tallies the votes. The paper record is NOT kept by the voter but is a part of the voting record.

The key components are separation of vote selection and vote counting and the paper trail which the voter can verify himself.

Note: I am not saying that such a system is implicitly secure.
It's as secure as any human-escrowed system can be, but such a model will never be implemented as long as government is cost-conscious. That is, poll workers and their managers cost a lot more in salary than network cables, switches and whatnot do in a "linked" system...
Yes, you still have all the limitations that you already have with physical security of the ballots etc as well as the advantages of human verifiability. However, a poorly designed system might be more susceptible to denial of service attacks than traditional punch machines so the separation is not enough, the system still needs to be designed properly.

I would argue that most voters believe that cost is a red herring and should insist that our government get this one aspect of our democracy right (well, as close to right as is possible).

Quote[/b] (KB1KIX @ Jan. 09 2008,09:21)]I would also want to see 2 paper trails in addition to the data being recorded. #1 goes on a spool inside the machien (like an ATM) and one gives the voter a hard copy that they can read to verify their vote. #The second one could avoid the whole Florida fiasco.
In the interest of discussion...

The reason you don't give the voter a record to take home is that it encourages tampering. How many voters would sell their vote for a small amount of cash? I suspect quite a few. This can only work if the buyer has a way of verifying the seller's votes.

Quote[/b] ]Yes, you still have all the limitations that you already have with physical security of the ballots etc as well as the advantages human verifiability. However, a poorly designed system might be more susceptible to denial of service attacks than traditional punch machines so the separation is not enough, the system still needs to be designed properly.

As in, 'air-gapped' and properly (strong) encrypted data traffic therein. No aspect of such a network should touch any other network in any way.

Quote[/b] ]I would argue that most voters believe that cost is a red herring and should insist that our government get this one aspect of our democracy right (well, as close to right as is possible).

The average voter cannot even figure out how to program their TV's remote controls or the clocks on their microwave ovens. As such, the nuances of cost vs. benefit in designing and implementing a secured anything are lost on many of them.

On the other hand...government itself is very concerned with cost-cutting; raising taxes is the true 'red herring'. Thus, if there exists a way to do things cheaper it's usually implemented.

My city's tax-collection services were outsourced a couple years ago, to "...save costs...". Am I happy about the new firm's collection methods and their, ahem, STELLAR customer-relations skills? HE!! NO...but the city felt they had to...

Quote[/b] (n8yx @ Jan. 09 2008,05:29)]Where do you see "Diebold" mentioned in the article that you quoted?
This company has the software and hardware maintenance contract for the Diebold machines used in several New England states.

Quote[/b] (n8yx @ Jan. 10 2008,12:13)]
No; this is a conspiracy-theory propagation platform.

Anyone stumbling upon the site would have guessed that by now...

Quote[/b] ]Instead, sir, you merely criticized without supporting evidence, perhaps attempting to imply that you know a lot about the subject.

Search this and other areas of the site for posts from me concerning my professional background. In short, a large part of my career has been spent in the software development and computer security disciplines.

So, yes, I "do" know what I'm talking about.
Super. Now make a useful contribution to the discussion as opposed to unsupported criticism.

-gary

Quote[/b] (ab8ro @ Jan. 10 2008,13:08)]Quote[/b] (n8yx @ Jan. 09 2008,10:51)]Quote[/b] (ab8ro @ Jan. 10 2008,09:47)]Quote[/b] (n8yx @ Jan. 09 2008,09:40)]Quote[/b] (KB1KIX @ Jan. 10 2008,08:21)]Electronic voting can be done and with much more accuracy and efficiency - but the model chosen with Diebold is just plane wrong.
Give us your "expert" opinion on the matter, please...and share with us the details of a system that you consider to be 'right'.

(You are in fact an embedded systems designer and/or software engineer by trade - correct?)

On edit: I see three potential security flaws with your "proposal" above; two being ripe for exploitation. You DID think the ramifications of your 'model' through before you made that post...right?
The general concensus in the industry is that the only model which has the capability to be secure is voter verified paper trail with separate tallying.

You proceed to box A which allows you to select your votes. This machine prints out a voter verifiable record which the voter then takes to box B which reads the ticket and tallies the votes. The paper record is NOT kept by the voter but is a part of the voting record.

The key components are separation of vote selection and vote counting and the paper trail which the voter can verify himself.

Note: I am not saying that such a system is implicitly secure.
It's as secure as any human-escrowed system can be, but such a model will never be implemented as long as government is cost-conscious. That is, poll workers and their managers cost a lot more in salary than network cables, switches and whatnot do in a "linked" system...
Yes, you still have all the limitations that you already have with physical security of the ballots etc as well as the advantages of human verifiability. However, a poorly designed system might be more susceptible to denial of service attacks than traditional punch machines so the separation is not enough, the system still needs to be designed properly.

I would argue that most voters believe that cost is a red herring and should insist that our government get this one aspect of our democracy right (well, as close to right as is possible).
Cost be damned! What could possibly be more important than an accurate and honest vote count?

-gary

Quote[/b] (KA8DKT @ Jan. 10 2008,10:33)]Quote[/b] (ab8ro @ Jan. 10 2008,13:08)]Quote[/b] (n8yx @ Jan. 09 2008,10:51)]Quote[/b] (ab8ro @ Jan. 10 2008,09:47)]Quote[/b] (n8yx @ Jan. 09 2008,09:40)]Quote[/b] (KB1KIX @ Jan. 10 2008,08:21)]Electronic voting can be done and with much more accuracy and efficiency - but the model chosen with Diebold is just plane wrong.
Give us your "expert" opinion on the matter, please...and share with us the details of a system that you consider to be 'right'.

(You are in fact an embedded systems designer and/or software engineer by trade - correct?)

On edit: I see three potential security flaws with your "proposal" above; two being ripe for exploitation. You DID think the ramifications of your 'model' through before you made that post...right?
The general concensus in the industry is that the only model which has the capability to be secure is voter verified paper trail with separate tallying.

You proceed to box A which allows you to select your votes. This machine prints out a voter verifiable record which the voter then takes to box B which reads the ticket and tallies the votes. The paper record is NOT kept by the voter but is a part of the voting record.

The key components are separation of vote selection and vote counting and the paper trail which the voter can verify himself.

Note: I am not saying that such a system is implicitly secure.
It's as secure as any human-escrowed system can be, but such a model will never be implemented as long as government is cost-conscious. That is, poll workers and their managers cost a lot more in salary than network cables, switches and whatnot do in a "linked" system...
Yes, you still have all the limitations that you already have with physical security of the ballots etc as well as the advantages of human verifiability. However, a poorly designed system might be more susceptible to denial of service attacks than traditional punch machines so the separation is not enough, the system still needs to be designed properly.

I would argue that most voters believe that cost is a red herring and should insist that our government get this one aspect of our democracy right (well, as close to right as is possible).
Cost be damned! What could possibly be more important than an accurate and honest vote count?
Go ask your elected officials that question. It was THEY who lobbied for (and got) such systems...

Quote[/b] (N3RQ @ Jan. 10 2008,10:30)]Quote[/b] (n8yx @ Jan. 09 2008,05:29)]Where do you see "Diebold" mentioned in the article that you quoted?
This company has the software and hardware maintenance contract for the Diebold machines used in several New England states.
Excuse my aged eyes for not finding it, but where in the article you quoted was that company mentioned?

Quote[/b] (KA8DKT @ Jan. 10 2008,10:30)]Super. Now make a useful contribution to the discussion as opposed to unsupported criticism.
If I'm addressing someone as a peer in a given field, gladly. If someone merely wishes to inflame a topic with conjecture and supposition...sorry; fish ain't bitin' here...

Quote[/b] (n8yx @ Jan. 09 2008,11:20)]Quote[/b] (ab8ro @ Jan. 10 2008,10:08)]
Quote[/b] ]Yes, you still have all the limitations that you already have with physical security of the ballots etc as well as the advantages human verifiability. However, a poorly designed system might be more susceptible to denial of service attacks than traditional punch machines so the separation is not enough, the system still needs to be designed properly.

As in, 'air-gapped' and properly (strong) encrypted data traffic therein. No aspect of such a network should touch any other network in any way.
Well, sure. But, phrases like "strong encryption" tend to become buzzwords that lead to checkboxes on marketing documents. There are many factors that can lead to DOS attacks. The Diebold system referenced in the paper I linked earlier was easily attacked to reset the election by simply inserting a particular type of memory card which could be easily cloned. Encrypting the data on the card does no good if one can simply copy the card with its encrypted contents.

There are other subtle issues such as ensuring that the vote of a particular voter cannot be determined by the ordering of the votes on either machine. The selection machine should not store anything and the tallying machine should store only totals.

Quote[/b] (ab8ro @ Jan. 10 2008,10:43)]The Diebold system referenced in the paper I linked earlier was easily attacked to reset the vote by simply inserting a particular type of memory card which could be easily cloned.
Would you say that was a flaw in the design of the system, or a hole in the physical (logistical) security surrounding the terminal itself?

Remember...the best approach to security is through a layered fashion. Preventing unauthorized access to hardware is but one layer.

An analogue of that 'model' is your personal computer. Even if you password the system's BIOS and encrypt the drive, tools exist which will recover the data from it. All that's required is enough physical access to the computer for someone to lift the drive. So you lock it up, away from prying fingers...

On edit:

Look at the date of the paper (circa 2004). 4 years is an eternity in computer-software lifetimes. Want to bet that most (if not all) all of those 'holes' have been plugged by now? After all - NO company wants to continually risk bad publicity by leaving the system as-is, and vulnerable...correct?

Going off years-old vulnerability data is akin to comparing the roadworthiness of, say, a Ford GT using handling and crash statistics that were accumulated against a 1962 T-Bird.

If that linked vulnerability assessment document was 6 months old or newer, I -might- believe a bit of it to be accurate at this point in time.

The electronic voting machines used here in Collin County, Texas (north side of Dallas), work as follows (until very recently I was the election judge for Precincts 48/55):

Each one is programmed at the county elections department and representatives from all political parties and each candidate can be present if they so wish. Then each voting machine first has the controls sealed and then the entire machine is sealed.

The machines are delivered to the polling places no more than 3 days before the election and are put in a locked location.

The election workers set up the machines in the morning before the election starts.

The election judge verifies the number on the seal of each voting machine from a list that he/she has been provided at a meeting which was held at the elections department several days before the election. Then that seal is broken and the top of the machine opened.

Next the seal on the control functions is examined and the number compared against the provided list. This seal is then broken and a key which has been provided by the elections department is used to unlock the cover over the control panel.

The same key is then used to put the machine in a test mode and a test is run to make sure that no votes have been cast. There is a paper tape which is printed out which lists every name and proposition on the ballot and the total votes cast must be zero. This tape is left attached to the printer and is rolled up to allow the cover to be replaced. There is a computer card within each machine that records the votes as they are cast.

Using the key the machine is put into the mode where votes can be cast. Then the cover is replaced and locked into place.

When the polls are opened the voter first comes to the "check in" table where he/she is verified as being on the poll list. The voter must provide one of several forms of allowed identification. If they are on the list then they sign the poll book and go to the next stage. If they are not on the list then several things can happen (I will go into these after describing the rest of the process).

A reuseable card is programmed by one of the election workers using a handheld programming unit. Since I have 2 different precincts the precinct number is programmed which tells the voting machine what persons/propositions that the voter can vote for.

The voter then takes the card to the machine and inserts the card where it is locked into the machine until the vote is completed.

The voter then selects his/her choices. Next a verification screen comes up showing every vote and the voter can choose to accept or to go back and make changes. When the voter is satisfied they then make a selection to cast their vote and remove the card from the machine.

Removing the card erases the card and allows the vote to be registered within the machine.

This card is then handed to an election worker before the voter is allowed to leave the polling area. An "I voted" sticker is offered to the voter so that they can "show off" to others that they have voted (at least in my precincts those "I voted" stickers are very popular).

Now if the person is not on the list of voters there are several options. First of all if the voter admits that he/she doesn't live in the area then they are immediately denied the right to vote. They are directed to the polling place in the area in which they live.

If they "say" that they do live in the area and that they have registered to vote then they are allowed to vote. However, they do not vote on one of the machines but vote a paper ballot. They do have to sign an affidavit stating that they are registered, etc. The paper ballot is then placed in a special envelope and the envelope sealed. Then this envelope is placed into a second envelope and the name, address, telephone number of the voter is written on this envelope. The ballot is then placed in a sealed voting box.

After the election and the votes have been carried to the county elections department the affidavits are checked to make sure that the person was telling the truth. If they are registered to vote then the outer envelope is removed and all of the inner envelopes are placed together so that the vote can be counted without knowing who placed it. If the person has lied then the affidavit is turned over to the County District Attorney's Office for prosecution. Every major election there are definitely several persons who are prosecuted for voter fraud.

As for the voting machines: When the polling place is closed the control panel covers for each machine is unlocked and the machine is placed in the "tally" mode. At this time a paper tape is printed showing each person/proposition and the total number of votes received by each one. The entire tape including the original no votes tally is then removed from the machine. If there is a representative present from any political party and if there is a representative from any candidate they can request a copy of this tape. if so, additional copies of the final tally tapes will be run off and given to those representatives.

When all copies have been run the machine is turned off and the computer card is removed. The original tape is then wrapped around the computer card and secured with a rubber band. Next the card/tape is placed into a metal "transfer case". The control panel cover is then replaced on the machine and locked into place.

After all the machines have been "read" and all the cards/tapes have been placed in the "transfer" case the case is then locked and a numbered seal is affixed. A seal is applied to the paper ballot case.

The voter's books with the signatures, the "transfer" case, and the paper ballot case are then transported by the election judge and at least 1 additional person to the county elections department. At the elections department the boxes are unsealed after the numbers on the seals have been verified. The total number of ballots cast in the precinct (as indicated by the signature books) are checked against the total number of ballots actually showing up on the machines. Usually, these numbers are "right on". However, there have been occasions where the numbers differed by 2 or 3 because someone did "walk out" without casting their ballot. This does happen when there is a long line for access to a voting machine. But, fortunately, this is a rare occasion.

At the elections office each computer card is read and verified against the paper tape. Now each political party and each candidate can have up to 2 people present where these cards are read (that makes for some pretty good crowds at times). Then the results from each card is added to the total votes cast.

Then the paper ballots are checked.

Finally, the voting process is complete.

With all of these checks and counter-checks the final tallys are going to be correct. If someone "screws up" their vote it is their fault and only their fault. They can redo their vote an unlimited number of times before finally casting their ballot. With all the paper trails with the computer cards and with the fact that representatives can be present when the machines are programmed that eliminates the possibility of fraud.

Now Collin County used the punch card type of machines for decades and never had a problem with "hanging chads" or "dimpled chads". But, with the problems especially in Florida the new type of electronic machines were implemented.

Glen, K9STH

Quote[/b] (n8yx @ Jan. 09 2008,11:49)]Quote[/b] (ab8ro @ Jan. 10 2008,10:43)]The Diebold system referenced in the paper I linked earlier was easily attacked to reset the vote by simply inserting a particular type of memory card which could be easily cloned.
Would you say that was a flaw in the design of the system, or a hole in the physical (logistical) security surrounding the terminal itself?
It's both. The design flaw is that you should not be able to clone a card regardless of physical accessability to the machines. Encryption of the card's contents is necessary, but not sufficient.

Quote[/b] ]
Remember...the best approach to security is through a layered fashion. Preventing unauthorized access to hardware is but one layer.


Right, but physical security is an issue in ALL voting systems. I'm talking about issues that are specific to electronic voting systems.

The only way to truly make electronic voting non-repudiable is to move to digitally-signed ballots. This technological move would require the issuance of a unique digital certificate to every voter, which, in turn, would require a massive tamper-proof certification authority chain and certificate revocation list. The chain of authority issues alone gives me nightmares, and the potential loss of anonymity in the voting booth would probably give most Americans nightmares.

Quote[/b] (N3RQ @ Jan. 10 2008,10:57)]
Quote[/b] ]The only way to truly make electronic voting non-repudiable is to move to digitally-signed ballots. This technological move would require the issuance of a unique digital certificate to every voter, which, in turn, would require a massive tamper-proof certification authority chain and certificate revocation list.

And who's going to foot the bill for the infrastructure?

That's right. YOU ARE. Along with the rest of us.

Quote[/b] ]The chain of authority issues alone gives me nightmares,

Imagine the 'Alex Jones' types which would come out of the woodwork if such a system were to be implemented...

Quote[/b] ]and the potential loss of anonymity in the voting booth would probably give most Americans nightmares.

So are YOU willing to trade 'liberty' for 'security'?

Didn't think so.

But most Americans don't care. As long as they get their daily dose of Britney on the evening news programs, what does it matter to them?

Quote[/b] (ab8ro @ Jan. 10 2008,13:13)]Quote[/b] (KB1KIX @ Jan. 09 2008,09:21)]I would also want to see 2 paper trails in addition to the data being recorded. #1 goes on a spool inside the machien (like an ATM) and one gives the voter a hard copy that they can read to verify their vote. #The second one could avoid the whole Florida fiasco.
In the interest of discussion...

The reason you don't give the voter a record to take home is that it encourages tampering. How many voters would sell their vote for a small amount of cash? I suspect quite a few. This can only work if the buyer has a way of verifying the seller's votes.
There would still be only as many receipts as there were actual voters, and I am sure the recepts could easily be serialized. Hey, every state lotto has an essentially fraud-proof system..perhaps the receipts could be modeled on that?

-gary

Quote[/b] (KA8DKT @ Jan. 10 2008,11:34)]Quote[/b] (ab8ro @ Jan. 10 2008,13:13)]Quote[/b] (KB1KIX @ Jan. 09 2008,09:21)]I would also want to see 2 paper trails in addition to the data being recorded. 1 goes on a spool inside the machien (like an ATM) and one gives the voter a hard copy that they can read to verify their vote. The second one could avoid the whole Florida fiasco.
In the interest of discussion...

The reason you don't give the voter a record to take home is that it encourages tampering. How many voters would sell their vote for a small amount of cash? I suspect quite a few. This can only work if the buyer has a way of verifying the seller's votes.
There would still be only as many receipts as there were actual voters, and I am sure the recepts could easily be serialized. Hey, every state lotto has an essentially fraud-proof system..perhaps the receipts could be modeled on that?

-gary
Do you have any idea WHY the various state lottos are as secure as they are?

Quote[/b] (KA8DKT @ Jan. 09 2008,12:34)]Quote[/b] (ab8ro @ Jan. 10 2008,13:13)]Quote[/b] (KB1KIX @ Jan. 09 2008,09:21)]I would also want to see 2 paper trails in addition to the data being recorded. 1 goes on a spool inside the machien (like an ATM) and one gives the voter a hard copy that they can read to verify their vote. The second one could avoid the whole Florida fiasco.
In the interest of discussion...

The reason you don't give the voter a record to take home is that it encourages tampering. How many voters would sell their vote for a small amount of cash? I suspect quite a few. This can only work if the buyer has a way of verifying the seller's votes.
There would still be only as many receipts as there were actual voters, and I am sure the recepts could easily be serialized. Hey, every state lotto has an essentially fraud-proof system..perhaps the receipts could be modeled on that?

-gary
The point is that the voter does not keep the receipt. If he doesn't keep the receipt then the spools in the machine only add to the cost. If he is allowed to keep the receipt then you have allowed outside tampering into the threat model.

The other danger of the spools is that they are implicitly an ordered list of voter records. This also introduces outside tampering because now specific voter preferences can be identified.

Quote[/b] (n8yx @ Jan. 10 2008,14:35)]Quote[/b] (KA8DKT @ Jan. 10 2008,11:34)]Quote[/b] (ab8ro @ Jan. 10 2008,13:13)]Quote[/b] (KB1KIX @ Jan. 09 2008,09:21)]I would also want to see 2 paper trails in addition to the data being recorded. #1 goes on a spool inside the machien (like an ATM) and one gives the voter a hard copy that they can read to verify their vote. #The second one could avoid the whole Florida fiasco.
In the interest of discussion...

The reason you don't give the voter a record to take home is that it encourages tampering. How many voters would sell their vote for a small amount of cash? I suspect quite a few. This can only work if the buyer has a way of verifying the seller's votes.
There would still be only as many receipts as there were actual voters, and I am sure the recepts could easily be serialized. #Hey, every state lotto has an essentially fraud-proof system..perhaps the receipts could be modeled on that?

-gary
Do you have any idea WHY the various state lottos are as secure as they are?
No, actually I don't except that I think they use their own networks.

Please elucidate.

-gary

Quote[/b] (n8yx @ Jan. 10 2008,13:42)]Quote[/b] (KA8DKT @ Jan. 10 2008,10:30)]Super. #Now make a useful contribution to the discussion as opposed to unsupported criticism.
If I'm addressing someone as a peer in a given field, gladly. If someone merely wishes to inflame a topic with conjecture and supposition...sorry; fish ain't bitin' here...
Yeah,

But you're uber sysadmin and don't want to take anyone elses discussion as fact.

Yes, I work in the IT field and yes, I've worked in the defense industry as well (in fact, I work for the same parent company now, just not a defense contractor).

So, my comments are based on my own experience.

Am I the best at what I do on this planet? Absolutely not.

You're ego is far to big for this board for intelligent conversation.

Jonathan

Quote[/b] (KG4JYD @ Jan. 10 2008,00:40)]I don't see why paper ballots are not mandatory in every state?
Because we are in 2008, not 1808.

Quote[/b] (N2RJ @ Jan. 10 2008,18:30)]Quote[/b] (KG4JYD @ Jan. 10 2008,00:40)]I don't see why paper ballots are not mandatory in every state?
Because we are in 2008, not 1808.
RJ, don't use logic in this thread.

It's already been outlawed by us feeble tech wannabees.

Bow down to his greatness while you still can....

Those of us that work in the trenches need only worship....

Jonathan

Guys, I know who I can and cannot trust in this thread, so let's leave it at that.

Anyway -

I don't see how we can trust our health, our homes, our jobs and trilions of dollars to machines, yet be afraid of similar machines counting votes in an election. It just doesn't make sense.

Elections can be rigged with paper ballots. It happens all the time. In fact, paper ballots are more insecure than properly done electronic voting machines.

If anyone is determined to rig an election, they will. Machine or no machine.

From what I see, the electronic voting machines are actually a HUGE step forward in security, and are actually more secure than paper ballots.

People will always distrust electronic voting machines, either because they want an excuse for why their candidate lost, or because they generally don't trust machines. I suspect as more people become computer literate this problem will fade away.

And lastly - I don't think there's any grand conspiracy to steal votes from Ron Paul. Everyone, including many of his supporters know he's going to lose. Sounds harsh, but that's reality.

Quote[/b] ]But you're uber sysadmin and don't want to take anyone elses discussion as fact.

Sysadmin != developer. Two entirely different disciplines. If you've spent any time in the field of software engineering, you would know the difference. This isn't a dig on you or your abilities, but is reality.

I've known quite a few top-flight admin types who absolutely cannot construct class diagrams...don't know the ins and outs of version-control software...and think that Microsoft's C# Guide is the book which follows "See Spot Run". Most of these guys wouldn't know a line of C if it bit them in the arse, much less be able to spot a potential buffer overflow....which, by the way, is Vector Number One when it comes to exploiting a piece of software. But I would trust them absolutely with a critical project database and its underlying server. That facet of their industry they know very well.


Quote[/b] ]If I'm addressing someone as a peer in a given field, gladly.

I'm now addressing you as an equal.

Quote[/b] ]If someone merely wishes to inflame a topic with conjecture and supposition...sorry; fish ain't bitin' here...

Your self-appointed attack dog was who my comments were directed towards.

Quote[/b] ]Yes, I work in the IT field and yes, I've worked in the defense industry as well (in fact, I work for the same parent company now, just not a defense contractor).

So as an IT Security type, what was wrong (procedurally and logically) with the ideas you posted? Please share.

(Lest you feel singled out, I've got my share of detractors on here as well...those who will gladly tell me that I'm full of it with regards to a given topic. Maybe; maybe not...but one learns to brush it off. I'm sorry if I came off a bit too brusquely at the outset.)

Quote[/b] (N2RJ @ Jan. 10 2008,15:30)]Quote[/b] (KG4JYD @ Jan. 10 2008,00:40)]I don't see why paper ballots are not mandatory in every state?
Because we are in 2008, not 1808.
That, and because of 'hanging chad'.

(If Chad would've been done in by lethal injection rather than by hanging, we wouldn't be having this discussion...would we?)

Quote[/b] (N2RJ @ Jan. 09 2008,16:52)]Guys, I know who I can and cannot trust in this thread, so let's leave it at that.

Anyway -

I don't see how we can trust our health, our homes, our jobs and trilions of dollars to machines, yet be afraid of similar machines counting votes in an election. #It just doesn't make sense. #

Elections can be rigged with paper ballots. #It happens all the time. #In fact, paper ballots are more insecure than properly done electronic voting machines.

If anyone is determined to rig an election, they will. #Machine or no machine.

From what I see, the electronic voting machines are actually a HUGE step forward in security, and are actually more secure than paper ballots.

People will always distrust electronic voting machines, either because they want an excuse for why their candidate lost, or because they generally don't trust machines. #I suspect as more people become computer literate this problem will fade away.

And lastly - I don't think there's any grand conspiracy to steal votes from Ron Paul. #Everyone, including many of his supporters know he's going to lose. #Sounds harsh, but that's reality.
Biggest problem I have with the idea of electronic voting isn't when the system is working properly... it's when it's you find out after-the-fact that it wasn't working properly. Without some sort of external method to do a recount that is totally non-reliant on anything electronic within the machine, something like a big box of index-card-sized pieces of paper that have the vote of each person recorded on them, something that can be picked up and (the key word here) recounted, then you have a one-shot system that does not lend itself to any sort of external audit.

You can look at the system. You can take the data that the system and see if several conditions were violated, like number of votes exceeding the permitted voters or the number of voters assigned to that machine, but you still have no way to to an external recount. With paper ballots there are ways to do this. With a system reliant solely on electronic functions, there is no way to recover that vote once it's lost, no way to count it again in the future.

My 'more perfect' system? Person is validated, goes to machine, places votes, confirms votes, index card is printed with the tally of votes on the various issues and with a 2D barcode (think UPS/FEDEX square dotted ones) encoding the vote tally for that one voter. Card is displayed to person as a physical validation that their vote has been tallied and can be recounted if needed. Person clicks one last button, card drops randomly edge-on into larger box under vote machine. Problem of 'vote spool' is minimized since it's not a perfect stack of cards that can be regressed to find out who voted a certain way, it's a system where cards are designed to fall out of voter order.

I say this as someone who is also intimately familiar as an insider in the data industry. I do enterprise-scale Cisco networking and security (and other stuff) for my paycheck, so I know the capabilities and limitations of the systems and infrastructure...

Who works in the IT profession these days ? EVERYBODY works in the IT profession these days. http://www.qrz.com/iB_html/non-cgi/emoticons/biggrin.gif

Quote[/b] (K9STH @ Jan. 09 2008,11:55)]The electronic voting machines used here in Collin County, Texas (north side of Dallas), work as follows (until very recently I was the election judge for Precincts 48/55):

Each one is programmed at the county elections department and representatives from all political parties and each candidate can be present if they so wish. Then each voting machine first has the controls sealed and then the entire machine is sealed.

The machines are delivered to the polling places no more than 3 days before the election and are put in a locked location.

The election workers set up the machines in the morning before the election starts.

The election judge verifies the number on the seal of each voting machine from a list that he/she has been provided at a meeting which was held at the elections department several days before the election. Then that seal is broken and the top of the machine opened.

Next the seal on the control functions is examined and the number compared against the provided list. This seal is then broken and a key which has been provided by the elections department is used to unlock the cover over the control panel.

The same key is then used to put the machine in a test mode and a test is run to make sure that no votes have been cast. There is a paper tape which is printed out which lists every name and proposition on the ballot and the total votes cast must be zero. This tape is left attached to the printer and is rolled up to allow the cover to be replaced. There is a computer card within each machine that records the votes as they are cast.

Using the key the machine is put into the mode where votes can be cast. Then the cover is replaced and locked into place.

When the polls are opened the voter first comes to the "check in" table where he/she is verified as being on the poll list. The voter must provide one of several forms of allowed identification. If they are on the list then they sign the poll book and go to the next stage. If they are not on the list then several things can happen (I will go into these after describing the rest of the process).

A reuseable card is programmed by one of the election workers using a handheld programming unit. Since I have 2 different precincts the precinct number is programmed which tells the voting machine what persons/propositions that the voter can vote for.

The voter then takes the card to the machine and inserts the card where it is locked into the machine until the vote is completed.

The voter then selects his/her choices. Next a verification screen comes up showing every vote and the voter can choose to accept or to go back and make changes. When the voter is satisfied they then make a selection to cast their vote and remove the card from the machine.

Removing the card erases the card and allows the vote to be registered within the machine.

This card is then handed to an election worker before the voter is allowed to leave the polling area. An "I voted" sticker is offered to the voter so that they can "show off" to others that they have voted (at least in my precincts those "I voted" stickers are very popular).

Now if the person is not on the list of voters there are several options. First of all if the voter admits that he/she doesn't live in the area then they are immediately denied the right to vote. They are directed to the polling place in the area in which they live.

If they "say" that they do live in the area and that they have registered to vote then they are allowed to vote. However, they do not vote on one of the machines but vote a paper ballot. They do have to sign an affidavit stating that they are registered, etc. The paper ballot is then placed in a special envelope and the envelope sealed. Then this envelope is placed into a second envelope and the name, address, telephone number of the voter is written on this envelope. The ballot is then placed in a sealed voting box.

After the election and the votes have been carried to the county elections department the affidavits are checked to make sure that the person was telling the truth. If they are registered to vote then the outer envelope is removed and all of the inner envelopes are placed together so that the vote can be counted without knowing who placed it. If the person has lied then the affidavit is turned over to the County District Attorney's Office for prosecution. Every major election there are definitely several persons who are prosecuted for voter fraud.

As for the voting machines: When the polling place is closed the control panel covers for each machine is unlocked and the machine is placed in the "tally" mode. At this time a paper tape is printed showing each person/proposition and the total number of votes received by each one. The entire tape including the original no votes tally is then removed from the machine. If there is a representative present from any political party and if there is a representative from any candidate they can request a copy of this tape. if so, additional copies of the final tally tapes will be run off and given to those representatives.

When all copies have been run the machine is turned off and the computer card is removed. The original tape is then wrapped around the computer card and secured with a rubber band. Next the card/tape is placed into a metal "transfer case". The control panel cover is then replaced on the machine and locked into place.

After all the machines have been "read" and all the cards/tapes have been placed in the "transfer" case the case is then locked and a numbered seal is affixed. A seal is applied to the paper ballot case.

The voter's books with the signatures, the "transfer" case, and the paper ballot case are then transported by the election judge and at least 1 additional person to the county elections department. At the elections department the boxes are unsealed after the numbers on the seals have been verified. The total number of ballots cast in the precinct (as indicated by the signature books) are checked against the total number of ballots actually showing up on the machines. Usually, these numbers are "right on". However, there have been occasions where the numbers differed by 2 or 3 because someone did "walk out" without casting their ballot. This does happen when there is a long line for access to a voting machine. But, fortunately, this is a rare occasion.

At the elections office each computer card is read and verified against the paper tape. Now each political party and each candidate can have up to 2 people present where these cards are read (that makes for some pretty good crowds at times). Then the results from each card is added to the total votes cast.

Then the paper ballots are checked.

Finally, the voting process is complete.

With all of these checks and counter-checks the final tallys are going to be correct. If someone "screws up" their vote it is their fault and only their fault. They can redo their vote an unlimited number of times before finally casting their ballot. With all the paper trails with the computer cards and with the fact that representatives can be present when the machines are programmed that eliminates the possibility of fraud.

Now Collin County used the punch card type of machines for decades and never had a problem with "hanging chads" or "dimpled chads". But, with the problems especially in Florida the new type of electronic machines were implemented.

Glen, K9STH
Thanks for posting that. Depending on the nature of the memory cards there are possibly several exploits that could be used to tamper with your elections.

My biggest criticism, however, is the paper tape. Any system which sequentially records voter choices is inherently flawed as it compromises voter anonymity.

Quote[/b] (n2ize @ Jan. 10 2008,17:01)]Who works in the IT profession these days ? EVERYBODY works in the IT profession these days. # http://www.qrz.com/iB_html/non-cgi/emoticons/biggrin.gif
Some work @ McDonald's... http://www.qrz.com/iB_html/non-cgi/emoticons/wink.gif

Quote[/b] (KA8DKT @ Jan. 09 2008,14:23)]Quote[/b] (n8yx @ Jan. 10 2008,14:35)]Quote[/b] (KA8DKT @ Jan. 10 2008,11:34)]Quote[/b] (ab8ro @ Jan. 10 2008,13:13)]Quote[/b] (KB1KIX @ Jan. 09 2008,09:21)]I would also want to see 2 paper trails in addition to the data being recorded. 1 goes on a spool inside the machien (like an ATM) and one gives the voter a hard copy that they can read to verify their vote. The second one could avoid the whole Florida fiasco.
In the interest of discussion...

The reason you don't give the voter a record to take home is that it encourages tampering. How many voters would sell their vote for a small amount of cash? I suspect quite a few. This can only work if the buyer has a way of verifying the seller's votes.
There would still be only as many receipts as there were actual voters, and I am sure the recepts could easily be serialized. Hey, every state lotto has an essentially fraud-proof system..perhaps the receipts could be modeled on that?

-gary
Do you have any idea WHY the various state lottos are as secure as they are?
No, actually I don't except that I think they use their own networks.

Please elucidate.

-gary
The two have different threat models. While they have much in common the anonymity concerns of lotto are much less stringent.

Quote[/b] (ab8ro @ Jan. 10 2008,17:08)]Quote[/b] (KA8DKT @ Jan. 09 2008,14:23)]Quote[/b] (n8yx @ Jan. 10 2008,14:35)]Quote[/b] (KA8DKT @ Jan. 10 2008,11:34)]Quote[/b] (ab8ro @ Jan. 10 2008,13:13)]Quote[/b] (KB1KIX @ Jan. 09 2008,09:21)]I would also want to see 2 paper trails in addition to the data being recorded. #1 goes on a spool inside the machien (like an ATM) and one gives the voter a hard copy that they can read to verify their vote. #The second one could avoid the whole Florida fiasco.
In the interest of discussion...

The reason you don't give the voter a record to take home is that it encourages tampering. How many voters would sell their vote for a small amount of cash? I suspect quite a few. This can only work if the buyer has a way of verifying the seller's votes.
There would still be only as many receipts as there were actual voters, and I am sure the recepts could easily be serialized. #Hey, every state lotto has an essentially fraud-proof system..perhaps the receipts could be modeled on that?

-gary
Do you have any idea WHY the various state lottos are as secure as they are?
No, actually I don't except that I think they use their own networks.

Please elucidate.

-gary
The two have different threat models. While they have much in common the anonymity concerns of lotto are much less stringent.
The lotto agencies typically have much larger budgets for such concerns. After all...it isn't the "vote" one could steal here; it's literally money.

Some of them have tiered models which would make the nuc-security guys green with envy.

This doesn't need to be done over any sort of network. As a matter of fact the most secure computer/electronic systems are those off the network. I didn't see a single place where the system Glen uses could be compromised in real world use.

Of course the conspiracy theorists among us will think of anything that could happen and assign it the same probability as the sun rising in the east, either due to their own ignorance or simply trying to play politics. More than likely the later if they lose an election.

The right to vote also carries with it the responsibility to make sure you're educated about the process. The government can only go so far in trying to "user friendly" the system or try to minimize peoples own stupidity.

Quote[/b] (AC0H @ Jan. 10 2008,17:17)]Of course the conspiracy theorists among us will think of anything that could happen and assign it the same probability as the sun rising in the east, either due to their own ignorance or simply trying to play politics. More than likely the later if they lose an election.
True, dat.

RO:

The paper tape records ONLY the total votes, not individual votes. The votes are tallied in the computer card where there is no possible form of identification. Also, there are a minimum of 3 machines at every polling place (no matter how many or how few registered voters in that particular precinct) and the voter is free to choose any machine. For about 5,000 registered voters I normally have between 5 and 15 machines depending on the election. Elections that are expected to have a light turnout (i.e. bond only elections) there are fewer machines. For major elections like the Presidential elections then the much larger number of machines.

Also, the enabling cards are used over and over and over and they are programmed only with the precinct number. By the way, the programming unit checks to make sure that the card is erased and then erases it again before being reprogrammed with the precinct number. No votes are recorded on this card at any time. It is just used to enable the actual voting machine with the proper information to allow the list of candidates/propositions for which a voter in that particular precinct can vote.

I suppose that any system could possibly be circumvented. However, with all the persons that can verify every step of the process doing such is going to be VERY difficult.

Glen, K9STH

Quote[/b] (K9STH @ Jan. 09 2008,19:11)]RO:

The paper tape records ONLY the total votes, not individual votes. The votes are tallied in the computer card where there is no possible form of identification. Also, there are a minimum of 3 machines at every polling place (no matter how many or how few registered voters in that particular precinct) and the voter is free to choose any machine. For about 5,000 registered voters I normally have between 5 and 15 machines depending on the election. Elections that are expected to have a light turnout (i.e. bond only elections) there are fewer machines. For major elections like the Presidential elections then the much larger number of machines.

Also, the enabling cards are used over and over and over and they are programmed only with the precinct number. By the way, the programming unit checks to make sure that the card is erased and then erases it again before being reprogrammed with the precinct number. No votes are recorded on this card at any time. It is just used to enable the actual voting machine with the proper information to allow the list of candidates/propositions for which a voter in that particular precinct can vote.

I suppose that any system could possibly be circumvented. However, with all the persons that can verify every step of the process doing such is going to be VERY difficult.

Glen, K9STH
Hi Glenn,

If the paper tape only records totals then that will not, by itself compromise anonymity. However, since no votes are recorded on paper, it does not guarantee wholesale tampering. In fact, the paper tape offers very little protection at all. This is an important point. You cannot forget that people write source code. You cannot verify that the vote that is presented on the screen is the vote that is recorded. This was one of the major criticisms of the Diebold process. All developers had access to CVS.

In order to know that the votes presented on the screen are the votes that become a part of the tally you must trust the source code.

This is why separate selection and tallying is important. The voter selects and the results are printed on paper that the voter can verify. The ticket is then read by the tallying machine and deposited in a box. Now you have the paper trail to verify the electronic vote count but you don't have the sequential record of the paper tape.

The program cards, however, are a potential source of weakness for retail attacks and it doesn't matter how many times they are erased. If they can be cloned your election can be tampered with. Anything from a voter using his own card to vote on a different slate of issues to exploiting how the machine reads the cards to crash the machine. Even disabling one machine in a major election can have an effect on the outcome.

For some insight on how cards can be exploited see the Diebold paper I linked above.

Quote[/b] (AC0H @ Jan. 09 2008,18:17)]This doesn't need to be done over any sort of network. As a matter of fact the most secure computer/electronic systems are those off the network. I didn't see a single place where the system Glen uses could be compromised in real world use.
Then, quite honestly, you aren't very familiar with the field. There are a number of attacks that can be launched against such a system. Both wholesale and retail attacks are possible. How many and how successful they are depends on factors such as how the data is written to the cards and how the software was written.

Both of these questions could be analyzed if voting systems were forced to be open for public inspection.

For those not familiar with the field of computer security the notion of "security through obscurity" is not considered secure at all .

Paul, "not even fit to write a check".....

http://hotair.com/archive....print=1 (http://hotair.com/archives/2008/01/10/video-only-man-who-can-save-america-spins-like-a-top-while-sandbagging-wolf-blitzer/?print=1)

Quote[/b] (n8yx @ Jan. 09 2008,11:49)]On edit:

Look at the date of the paper (circa 2004). 4 years is an eternity in computer-software lifetimes. Want to bet that most (if not all) all of those 'holes' have been plugged by now? After all - NO company wants to continually risk bad publicity by leaving the system as-is, and vulnerable...correct?

Going off years-old vulnerability data is akin to comparing the roadworthiness of, say, a Ford GT using handling and crash statistics that were accumulated against a 1962 T-Bird.

If that linked vulnerability assessment document was 6 months old or newer, I -might- believe a bit of it to be accurate at this point in time.
Whether or not the identified issues have been "fixed", regardless of the feasibility, is not the point. The point is that Diebold was touting their system as secure when it clearly wasn't. Their procedures and methods were completely out of step with then known security methodology.

In fact, if you'd read the paper you'd know that the only reason the data could be analyzed at all was because Diebold mistakenly put their own CVS data online. How much do you want to be that they wouldn't have fixed anything had they not been caught with their pants down?

Voting machine software and procedures MUST be open. That's what that paper tells us. What we do know is that machines and procedures still have flaws that can be exploited. Here's a more recent link that refers to a newer study.

http://www.abcnews.go.com/US/wireStory?id=3447008

Quote[/b] (n8yx @ Jan. 10 2008,17:07)]Quote[/b] (n2ize @ Jan. 10 2008,17:01)]Who works in the IT profession these days ? EVERYBODY works in the IT profession these days. # http://www.qrz.com/iB_html/non-cgi/emoticons/biggrin.gif
Some work @ McDonald's... #http://www.qrz.com/iB_html/non-cgi/emoticons/wink.gif
Ah, but are they not IT people too ?

There is no need for any paper ballots if mechanical machines such as those used in New York are used. These machines store each and every vote on selected mechanical counters. It is impossible to change the vote counters by adding or subtracting to the legitimate vote counts. These machines have been in use for well over 45 years with no question about their accuracy.
A federal mandate to replace these machines has cost our State and county governments a lot and the new machines may not be as reliable as the old ones. The Federal Government has not taken into consideration the fact that New York has been using very reliable voting MACHINES...and never did use paper ballots or punch cards as some other states did in recent times.

w2ilp (I Loath Paper)...Mechanical counters that get zero before the election and locked after the election are more reliable than any other device that I can imagine.

No shortage of nut jobs on either side. Congressman from Area 51 wants a recount in NH.

http://apnews.myway.com/article/20080111/D8U3EBKG0.html

Quote[/b] (W2ILP @ Jan. 10 2008,22:12)]There is no need for any paper ballots if mechanical machines such as those used in New York are used. #These machines store each and every vote on selected mechanical counters. It is impossible to change the vote counters by adding or subtracting to the legitimate vote counts. # These machines have been in use for well over 45 years with no question about their accuracy.
A federal mandate to replace these machines has cost our State and county governments a lot and the new machines may not be as reliable as the old ones. #The Federal Government has not taken into consideration the fact that New York has been using very reliable voting MACHINES...and never did use paper ballots or punch cards as some other states did in recent times. #

w2ilp (I Loath Paper)...Mechanical counters that get zero before the election and locked after the election are more reliable than any other device that I can imagine.
I've always liked the mechanical voting machines, too. #

The only way to change a machine's count is to open it up and do extensive mechanical work. #Not at all easily hacked.

Once the "program" for each counter is set, it cannot change itself and then hide or erase the changing device/process.

The machines were quite reliable and inexorably accurate.

-gary

Quote[/b] (ab8ro @ Jan. 10 2008,20:36)]Quote[/b] (AC0H @ Jan. 09 2008,18:17)]This doesn't need to be done over any sort of network. As a matter of fact the most secure computer/electronic systems are those off the network. I didn't see a single place where the system Glen uses could be compromised in real world use.
Then, quite honestly, you aren't very familiar with the field. There are a number of attacks that can be launched against such a system. Both wholesale and retail attacks are possible. How many and how successful they are depends on factors such as how the data is written to the cards and how the software was written.

Both of these questions could be analyzed if voting systems were forced to be open for public inspection.

For those not familiar with the field of computer security the notion of "security through obscurity" is not considered secure at all .
Quite to the contrary.
You can't carry my networking/security jock.

Tell me exactly how a computer which has no connections to the outside world can be compromised other than through physical access?

Waiting for for my education.

Quote[/b] (AC0H @ Jan. 10 2008,07:47)]Quote[/b] (ab8ro @ Jan. 10 2008,20:36)]Quote[/b] (AC0H @ Jan. 09 2008,18:17)]This doesn't need to be done over any sort of network. As a matter of fact the most secure computer/electronic systems are those off the network. I didn't see a single place where the system Glen uses could be compromised in real world use.
Then, quite honestly, you aren't very familiar with the field. There are a number of attacks that can be launched against such a system. Both wholesale and retail attacks are possible. How many and how successful they are depends on factors such as how the data is written to the cards and how the software was written.

Both of these questions could be analyzed if voting systems were forced to be open for public inspection.

For those not familiar with the field of computer security the notion of "security through obscurity" is not considered secure at all .
Quite to the contrary.
You can't carry my networking/security jock.


You have demonstrated yourself that you are unfamiliar with the field. Your childish response does nothing to mitigate that fact. Frankly, I don't know anyone reputable who would look at Glenn's description and claim that it's secure. Without further information you cannot rule in several vectors of attack. A reputable security expert would know not to rule out those vectors without more information. There is insufficient information in his description to rule those vectors out. No matter what else is introduced, however, you cannot rule out the fundamental fact that there is nothing to verify what's on the screen is what appears in the tallies. This is fundamental.


Quote[/b] ]
Tell me exactly how a computer which has no connections to the outside world can be compromised other than through physical access?

Waiting for for my education.
I've already described how the system can be compromised. Read the Diebold paper for expansion of the ideas. This has NOTHING to do with networks. Networks add another vector for attack but it's not the only vector.

Why don't you stop worrying about who has the biggest jock strap and engage intelligently in the conversation? If you know something about security then contribute. Your suggestion that based on Glenn's description that the system is secure, however, suggests that no matter what your day job is, you aren't familiar with the basic issues at hand.

How many of you saw the HBO documentary on Diebold machines? #If you did you wouldn't be saying they can't be EASILY hacked. #It was a controlled demonstration that proved they can be manipulated by the manufacturer and there was no way for anyone to know. The program for tabulating was made to count wrong with no way of capturing that it had done so.
I have been in IT since 1981 (back when no one was in computers) and I can tell you from my experience any software ever written can be hacked. #

At the end of the documentary, they did a mock election at a precinct in florida to show they could be manipulated. #I thought the head Precinct official was going to cry he was so upset and disapointed when he found out that the system was not secure after the demonstration.

Quote[/b] ]In Florida, Leon County supervisor of elections Ion Sancho presided over a trial "mini-election" to see if the vote could be hacked without being detected. Before votes were actually cast, computer analyst Harri Hursti "stuffed the ballot box" by entering votes on the computer's memory card. Then, after votes were cast, the results displayed when the same memory card was entered in the central tabulating program indicated that fraud was indeed possible. In other words, by accessing a memory card before an election, someone could change the results - a claim Diebold had denied was possible.


HBO Hacking Democracy Documentary (http://www.hbo.com/docs/programs/hackingdemocracy/synopsis.html)

Quote[/b] (W8EFA @ Jan. 10 2008,10:32)]I have been in IT since 1981 (back when no one was in computers)
Surely you jest? http://www.qrz.com/iB_html/non-cgi/emoticons/smile.gif

It is possible to circumvent any voting process and this includes mechanical voting machines. The term "stuffing the ballot box" comes from the days when only paper ballots were used and paper ballots with the "desireable" votes were placed into the boxes. Or, such ballots were "substituted" by corrupt election officials.

Voting machines can definitely be "rigged" to record incorrect votes.

Also, voting habits can result in some "strange" results. For example, in Dallas County, Texas, the old mechanical voting machines were used for decades. The Democrats had "trained" those in minority areas to "pull" the uppermost left hand lever which resulted in a straight Democrat ticket. When the Republican Party gained control of the Dallas County government they changed this lever to be a straight Republican ticket. Now changing the position of the levers on the voting machines was perfectly legal. In fact, that law had been written by a Democrat controlled state legislature.

What happened was that in precincts that had formerly voted like 98 percent Democrat were now voting well over 50 percent Republican. The Democrats cried "foul" but since they had written the law about the layout of the voting machines they had no "leg to stand on". It took several years for the Democrat "machine" to re-educate the minority population to actually look at the machine before "pulling" any lever.

During this transition period I was not an election official. However, I was at a tower site that was next to one of the elementary schools in a minority area the day after the election. The school grounds were littered with hundreds of pieces of paper provided by the Democrat party listing certain individuals that were to be voted for. Also included was a diagram of the voting machine indicating just what levers to pull.

Basically it is possible for any voting method to be corrupted. Even when a "show of hands" is used people can be "persuaded" to vote a certain way. In fact, that is one reason why the system was changed.

So long as there are people in the world who have a personal agenda and who have no scruples it is going to be possible to change the outcome of an election. Fortunately, at least here in the United States, there are enough people who question things and, as such, the number of elections that are "stolen" have become less and less. Do they still exist? In some cases the answer is yes. But, fortunately, they are extremely rare.

Glen, K9STH

We'll see how long it takes before voting goes to the internet.

Not because it would be legit or safe, but just look at what other departments are online now and allow electronic submission.

The day the IRS got on board was the day I knew it was going to start getting more prevelant. I expect I'll be voting by computer sometime before I depart the earth.

But no matter what kind of system, its the human element that always causes the problems. And it always will-no matter WHAT system we use.

Quote[/b] (KD6NIG @ Jan. 10 2008,12:59)]We'll see how long it takes before voting goes to the internet.

Not because it would be legit or safe, but just look at what other departments are online now and allow electronic submission.

The day the IRS got on board was the day I knew it was going to start getting more prevelant. I expect I'll be voting by computer sometime before I depart the earth.

But no matter what kind of system, its the human element that always causes the problems. And it always will-no matter WHAT system we use.
I suspect it might be longer than you think. The fundamental difference is that the IRS does not require anonymity.

Here's a fairly simple overview, written by Bruce Schneier, of some of the problems that face electronic voting and why they're problems.

http://www.schneier.com/essay-068.html

I'm convinced. I think we should move to a national show-of-hands vote.

Quote[/b] (W3MIV @ Jan. 11 2008,15:47)]I'm convinced. I think we should move to a national show-of-hands vote.
Needs more funny.

Yes, I have to agree that there are ways to subvert any voting machine mechanical or electronic. #Unfortunately, the electronic machines are far more easily subverted, and the process to do that is so very easily hidden or erased after the deed is done.

In my mind, the voting process is the core of our democratic republic. #Thus, anyone who subverts the voting process is committing a treasonous act.

Treason is still punishable by death.

It won't ever happen, but I think that there should be a law that makes any intentional fiddling with the vote, national, regional, state, or local, a crime of high treason with the according punishment. #I wouldn't care if they were Kennedys in Chicago, or bushies in Ohio and Florida. #Put a few of these traitors in front of a firing squad, and even Walden O'Dell would have serious second thoughts about promising to deliver Ohio to any candidate.

Of course, we all understand that elections are no longer anything about the will or desires of the populace. #They are only for people who want to be in office so bad that they will even bad-mouth other candidates in their own parties. #Most, if not all, of these people are in politics for the power, prestige, and monetary gain. #Few if any really care about America as a country, except as a place to conduct business, and make profits at any cost to the environment, the general populace, and to our country's future. #And, of course, they are in for re-election. #These are not the kind of people we really want in elective office, are they? #Jefferson warned against people who wanted national office, he understood perfectly what it could become.

Today, we need to vote for people who are not a part of the Demican Republicrat machine. #We need a lot of fresh new people. #And the current crop of candidates don't fit the requirements.

-gary



edit typo

Quote[/b] (KA8DKT @ Jan. 12 2008,14:27)]Yes, I have to agree that thee are ways to subvert any voting machine mechanical or electronic. #Unfortunately, the electronic machines are far more easily subverted, and the process to do that is so very easily hidden or erased after the deed is done.
Precisely. It's not even simply that nefarious deeds may cause harm to the election process, bugs in code are sufficient to throw doubt into the results. A key point in the argument for separation of selection and tallying is that the tallying process is simpler and thus easier to formally verify.

I once was contracted to fix bank vault time lock software that had a strange bug of remaining locked for whatever time it was programmed plus 255 hours. It didn't happen every time, only once in a while. It wasn't intentional, it was simply a bug. Similar types of bugs have already been observed in voting machine software.