[turtle777]

Originally Posted by tie 

These machines are completely insecure.

So are the voters.

A match made in heaven, uhm, I mean Amaraca.

-t

[besson3c]

Originally Posted by smacintush 

I'm not in the IT industry but I remember reading somewhere an saying that goes: The first rule of security is to lock the server room door.

There is NOTHING that will make these machines themselves truly secure. Nothing.

"Physical" security is the one and only thing that will keep these elections fair REGARDLESS of which machines are used. JUST LIKE EVERY SINGLE OTHER ELECTION IN HISTORY.

The problem with this debate is the very expectation that we could replace human integrity and vigilance with an impenetrable super machine.

I agree! What is slightly bothersome is that the security at many of these polling booths seems to amount to some volunteers there primarily to assist innocent voters, not to provide security, or at least this what I've been told (I don't have any first hand experience).

It would probably cost so much to have trained security staff at these polling booths that I wouldn't be surprised if any cost savings offered by the electronic machines was negated.

[awaspaas]

Wow, did you guys see this HBO documentary? They gave a Diebold memory card to Finnish security expert Harri Hursti, and he modified the executable file on the card.

They then held a mock election where 6 people marked no, and 2 people marked yes on optical-scan ballots. They used Hursti's memory card in a randomly selected machine. When it was turned on, it printed a tape that showed there were zero votes stored on the machine. They fed the votes through the machine and had it run the report.

7 no, 1 yes.

To verify that votes were actually tallied incorrectly and that the printout program wasn't just hardcoded, they connected the voting machine to a central tallying computer, and it also showed the incorrect votes: 7 no, 1 yes.

The hack that Hursti made on the Diebold memory card was later verified by UC Berkeley, and they found over a dozen other critical security holes.

[ink]

Any electronic voting machine that is more than a glorified paper-ballot generator is a bad idea. An electronic voting machine should print out an unambiguous paper ballot, which can be read by the voter before being cast. Even electronic machines that print a "paper backup" on a rolling tape shouldn't be used; if the ink runs out or the paper jams, there is no impetus to fix it (not that the 80-year-old election worker would even be able to). The code should be open source (which wouldn't even be a security threat if the machines didn't perform the security-sensitive task of tabulation).

All this networking, disks and other technological stuff is just a bad idea. It opens up too many attack surfaces for accidental bugs and malicious tinkering -- Diebold or not.

[vmarks]

Originally Posted by ink 

Any electronic voting machine that is more than a glorified paper-ballot generator is a bad idea. An electronic voting machine should print out an unambiguous paper ballot, which can be read by the voter before being cast. Even electronic machines that print a "paper backup" on a rolling tape shouldn't be used; if the ink runs out or the paper jams, there is no impetus to fix it (not that the 80-year-old election worker would even be able to). The code should be open source (which wouldn't even be a security threat if the machines didn't perform the security-sensitive task of tabulation).

All this networking, disks and other technological stuff is just a bad idea. It opens up too many attack surfaces for accidental bugs and malicious tinkering -- Diebold or not.

The whole reason for electronic voting is for automated tabulation.

That's it.

The notion is that no one has the patience to wait two weeks while ballots are counted manually.

We want to know at the end of night, two hours after polls close, who won a national election.

So electronic tabulation has to be done to enable that desire.

An electronic machine that prints a paper ballot and tabulates how many it printed for whom, and a non-networked independent scanner ballot box that scans the paper ballot and tabulates how many it received and for whom, with a paper tape printing outside and inside the locked box (similar to ATM receipts) allows for audit of both paper ballots and audit of the precinct to see that the votes received by the box are the same number as the votes received by the voting machines. And we still have paper ballots for the hard manual recount.

[ink]

Originally Posted by vmarks 

The whole reason for electronic voting is for automated tabulation.

That's it.

The notion is that no one has the patience to wait two weeks while ballots are counted manually.

We want to know at the end of night, two hours after polls close, who won a national election.

So electronic tabulation has to be done to enable that desire.

An electronic machine that prints a paper ballot and tabulates how many it printed for whom, and a non-networked independent scanner ballot box that scans the paper ballot and tabulates how many it received and for whom, with a paper tape printing outside and inside the locked box (similar to ATM receipts) allows for audit of both paper ballots and audit of the precinct to see that the votes received by the box are the same number as the votes received by the voting machines. And we still have paper ballots for the hard manual recount.

I'm fine with automated tabulation, but it should be in a dumb device without updatable software. It's too easy for bugs to show up in software. The printer does not need to tabulate at all, so I don't understand why you want two copies of a ballot -- wouldn't that be potentially confusing? Also, you're not implying that the voter should be able to take a receipt of his vote out of the polling place, are you?

We've been getting night-of-the-election results for decades just fine. Certain technologies (like punch ballots) have had issues, but we shouldn't radically change voting in a effort to fix that.

[vmarks]

You misunderstood the details of what I said.

Machine A allows the voter to touch a screen to indicate a vote. Machine A prints a paper ballot that shows that choice. Machine A prints a receipt tape inside it that shows number of ballots for candidate A, B, C, etc.

Voter walks ballot to non-networked scanner/printer equipped ballot box.

Voter inserts paper ballot. Ballot is scanned, and ballot box prints a receipt tape on both the outside of box and on the inside of box. Outside is to let voter know their ballot was recorded. Inside is to have a locked non-tampered tape.

The internal ballot box tape can be compared to the internal Machine A tape and in this way verify that no ballots got lost from being marked to being cast in the box.

Once verified, use the internal ballot box tape to report the vote speedily, and have the tape and paper ballots never separated for audit purposes.

As for no-updates, use a write-once EPROM. Someone would have to unlock the device, have programmed an EPROM of their own chip, remove the existing chip and replace with their own- way too complex for the fraudster. Not impossible, not security through obscurity, just placing the bar high enough that it can't be done quickly or indetectably.

[ink]

Originally Posted by vmarks 

You misunderstood the details of what I said.

Machine A allows the voter to touch a screen to indicate a vote. Machine A prints a paper ballot that shows that choice. Machine A prints a receipt tape inside it that shows number of ballots for candidate A, B, C, etc.

Voter walks ballot to non-networked scanner/printer equipped ballot box.

Voter inserts paper ballot. Ballot is scanned, and ballot box prints a receipt tape on both the outside of box and on the inside of box. Outside is to let voter know their ballot was recorded. Inside is to have a locked non-tampered tape.

Why even bother with an internal receipt in Machine A? It's pointless. Machine A or B or X should be completely fungible. If a ballot gets "lost" between the machine and the scanner, then that means the voter didn't vote (just as if a voter walked into a polling area now, got a ballot, marked it and left without casting it). I like the rest, though -- with the caveot that the receipt that the voter gets does NOT have any of his or her choices listed on it.

Why is it that random people on internet fora can come up with simple ideas like this, and yet the government cannot?

[awaspaas]

That's all fine, but what if the electronic ballot box has a pre-rigged memory card like in the HBO special? How is it any different from what we have now?

[vmarks]

Originally Posted by awaspaas 

That's all fine, but what if the electronic ballot box has a pre-rigged memory card like in the HBO special? How is it any different from what we have now?

No memory cards at all. One write-once ROM. Can't be tampered with after it leaves the MFR, other than to replace the chip with another burned ROM. If the Ballot Box is padlocked then we're back at physical security as the weak point, same as it is with plain paper ballot boxes.

Not good enough? epoxy the ROM into its socket, and screw a metal enclosure over the works. Epoxy the screws or pop-rivets that hold that enclosure in place.

Sure, if someone is determined enough to tamper, they will- but it will be completely obvious to the uneducated poll worker.

[ironknee]

it runs on windows folks...how is it that windows on a pc is considered bug riddened (viruses, worms etc) but it's "safe" as a voting machine?

[alphasubzero949]

Princeton U.: Security Analysis of the Diebold AccuVote-TS Voting Machine

Watch the demonstration video. (Alt. Link via Google Video)

Ars Technica also ran a report on Diebold machines:
How to steal an election by hacking the vote

Scary stuff.

[art_director]

Originally Posted by alphasubzero949 

Princeton U.: Security Analysis of the Diebold AccuVote-TS Voting Machine

Watch the demonstration video. (Alt. Link via Google Video)

Ars Technica also ran a report on Diebold machines:
How to steal an election by hacking the vote

Scary stuff.

People don't seem to give a rip that these machines:

a. Offer no benefit over paper and pen.

b. They're obviously insecure.

We're failing all those who gave so much for our democracy over the years. Now we're letting a corrupt government just flush it all down the toilet. Every American should hang their heads in shame.

[awaspaas]

Wow - one criminal alone with one machine for one minute can infect multiple voting machines. Remind me again why there are people that are against these machines just printing a paper receipt that the voter can put into a sealed ballot box for possible recounting? (besides the obvious conspiracy theories)

[art_director]

Thank god for that glorious invention called 'paper.'

[Dork.]

Map of which counties are using touch-screen machines (Pic is slightly too big)

[olePigeon]

Originally Posted by mitchell_pgh 

IMHO, the current voting machines aren't perfect, but it's as good as paper ballots. What's the difference between me throwing away a handful of ballots or tinkering with some software/hardware?

I would imagine it's a little harder to physically throw out 150,000 paper ballots and have no one notice.

[art_director]

Originally Posted by olePigeon 

I would imagine it's a little harder to physically throw out 150,000 paper ballots and have no one notice.

Precisely.

[indigoimac]

I rarely weigh in in the political lounge but I'm just gonna throw a few points:

1) We are fine w/ Diebold machines protecting out money in ATMs but not our votes...hmmm.

2) There is no paper trail on those lever machines we've been using since the 60's, it is simply a series of mechanical counters that are read by hand, what's to keep these numbers from being misrecorded or what is to keep someone from altering the counting mechanisms?

Just a couple thoughts as election coverage drones on.

[olePigeon]

Originally Posted by indigoimac 

I rarely weigh in in the political lounge but I'm just gonna throw a few points:

1) We are fine w/ Diebold machines protecting out money in ATMs but not our votes...hmmm.

2) There is no paper trail on those lever machines we've been using since the 60's, it is simply a series of mechanical counters that are read by hand, what's to keep these numbers from being misrecorded or what is to keep someone from altering the counting mechanisms?

Just a couple thoughts as election coverage drones on.

The difference is that Diebold's ATM machines operate with a system of checks and balances and, ultimate, the Bank makes the decisions, not Diebold.

When it comes to Diebold Voting Machines, not even the Election Officials can observe how they work.

[tie]

Originally Posted by indigoimac 

1) We are fine w/ Diebold machines protecting out money in ATMs but not our votes...hmmm.

But this is just a superficial argument. The technical problems with ATM machines are completely different from those for voting.

I think Diebold's voting machines have been designed for easy hacking -- and I think it isn't too unlikely that they are being used for that purpose. Read alphasub's post, or anything that has been written anywhere on voting machines.