Be afraid. Be very afraid.

lizette

Shit billmon, are you trying to give me a stomach-ache? Now I've got to go buy myself a tinfoil hat.

The Diebold case reads like the usual incompetence of a second-rate software company with political connections. Which diebold is.

But the AIS/ES&S "theocratic america" stuff, that is 100% pure Twilight Zone material.

Oracle/Sun or some other reputable software company needs to come along and get this stuff right using Linux.

Wired News ran a story on this pointing out that the voting machines use Windows CE! The article points out the same things as the Independent article does but with a more technical angle.

A week earlier Wired ran an article that pointed out that one companies system in California is so bad that anyone with a laptop and Microsoft Access database software could access the "secure" network and change votes. There is no password for the database.

Kim Zetter, who wrote both articles has been covering the eVoting beat pretty well for Wired.

It seems like these companies go out of their way to find morons to write the programs.

The Open Source thing is a red herring. Unless you get all the source code, all the source code for the microcode embedded in all the chips, and the code for the compiler, *and* you can guarantee the code that's been audited is the code that was actually used, then there's no real safety.

If they *must* use electronic voting machines (it strikes me that the real reason they use them is not speed or accuracy; it's that the contracts are worth millions of dollars) then there *has* to be a paper trail. There's no reason for there not to be a paper trail. If your politicians are trying to sell you a voting system without a paper trail, question their motives.

The only voting system that I trust is the one we have here in the UK. Pencil mark on a piece of paper, lots of people hand counting them in a hall open to the representatives of the candidates.

I think that electronic voting can be reliable and transparent. Let's face it - we depend upon reliable and secure electronic transactions every day in the financial world. The transparency we get is receiving a statement every month that documents what happened to our account(s) and if we see something wrong then we can do something about correcting it.

The way I see it is the electronic voting system needs transparency and checks and balances. The transparency would come from having an open source vote tabulation system at the heart - that is as tamper proof as can be made (and we can make it very tamper proof - not withstanding efforts to diddle micro-code which I think is far-fetched). The checks and balances come with everyone receiving a paper receipt that shows how they voted. After reviewing the receipt it would be deposited at the voting station in case of a recount or system failure.

I hate the idea of one company building the system from soup to nuts and not letting anyone see what's going on. Let the commercial vendors provide the kiosks and have the open source developers provide the protocol and the server. And the voters should insist upon receipts!

I've written to Tim O'Reilly (a prominent open source advocate) on this to see if he will support it - it would be a wonderful application of that process!

The system could be designed to satisfy and silence any and all critics. This is not rocket science or subatomic research. This is basic design, logic and process flows.

As such, I cannot believe it is accidental that it has been engineered with so few safeguards, verifiable accounting and paper trails. It is just not believable.

The main problem with these computer voting systems is that they are UNACCOUNTABLE. The source code is protected from outside review as a "trade secret" and it's a felony to disclose it. No one can legally examine the systems to see if there are backdoors or programming errors. Not even the purchasers. The Independent article suggests that manipulation of the results has already taken place in Georgia in the governor and Senate races.

Whether its vote fraud or assassination, (Wellstone) let no one doubt that the right wing conspiracy will stop at nothing to ensure their fascistic control.

We've had ES&S here in Hawaii and it's been a mess.Every election brings up a new set of problems. I don't trust or believe them at all.

I understand that many of these systems utilize an Access database. This program was never designed for security; there is no record of modifications taking place. Also, there are probably tens of thousands of sharp Access programmers around. You only need to modify a few percentage of the votes to shift an election your way. Even the old mechanical clunkers we have in New York are more reliable. They only need enough mechanics on hand (which, of course, we don't always have)to function correctly.

I'm afraid, too.

That we can seriously entertain ideas of the administration conspiring with big corporations to fix elections is entirely the Republicans' fault. Do bad stuff often enough and people will begin to assume that everything you do is bad.

It's astounding that these systems provide no audit trail. Would people do business with a company that handled money transactions so cavalierly? Keith and Robus are absolutely right. Paper trail, receipts and for heaven's sake competent people to vet the software.

This whole line about the source code being a trade secret is, of course, complete bullshit. I mean, how complicated is this code, for cryin' out loud? Display the names on each screen, and at the end, add up the votes. Any competent software programmer could write something like this in less than a day; if you tried to "steal code" from someone else, it would take you longer to read their source code and figure out what they were trying to do than it would take you to do it yourself from scratch.

In general, of course, source code is quite a reasonable thing for a company to keep private. But for this kind of simple programming? It's b.s.

I think that electronic voting can be reliable and transparent. Let's face it - we depend upon reliable and secure electronic transactions every day in the financial world.

So.. how are things at the Diebold offices this morning?

Electronic voting can be done "right" and it is ridiculous that the country is going about it in this innane manner. The issues that need addressing are not vote-counting speed or security, they are 1) accuracy and 2) ease-of-use (will greatly effect #1). A touch-screen ballot (has the advantage of preventing over-votes, ensuring that voters address each question on the ballot, can have large-type for those w/ poor eyesight, can display a ballot in any language) that prints out a filled-out, user auditable optical scan ballot which the voter then deposits into a locked ballot box. The optical scan ballots are the ones counted - the ATM-like machine stores no voting record.

I just finished reading Greg Palast's The Best Democracy Money Can Buy. The whole chapter on the Florida "purging" of the electoral rolls is stupefying. And the fact that it was published originally in The Guardian (and only later, partially, on Salon.com) is a shameful testament to the crustaceans we call journalists in the US. Why won't the mainstream press here cover this story? Pathetic.

Can any of you tell me if registering and then voting absentee next year would be a viable way to circumscribe this issue of electronic voting? If so, as many of us as possible should do so. Of course, then we're back to Florida . . . oh dear.

Stymied at every turn. Coincidentally, of course . . .

Electronic payment systems are also a red herring. The systems are secure as long as the people running them want them to be. They're pretty secure from outside cracking; I don't worry about the voting systems being cracked from the outside, I worry about them being fiddled from the inside.

Also, I'll say this again - open source in this particular case will provice a false sense of security unless you can give a cast iron guarantee that the code being run is the same as the code that was audited, compiled using a trusted compiler on a trusted chip. This is unlikely. If there was no alternatives, maybe open source would be better than nothing (it does help prevent unintentional mistakes, after all) but the alternatives do exist. Ink and paper.

Again: there is absolutely no doubt that the Republicans will try to fix this election any way they can. You don't need to be a conspiracy-geek to see this -- just look at the record. The only question is whether they will succeed.

I want to get off this whole compiler thing because it's irrelevant. Programmers don't write code for voting in a particular election. They write a voting system which manipulates a database. The database has tables for setting up all the various parameters of the election: the candidates, parties, initiatives etc. The code knows nothing about which particular election is being run, just how to associate votes with those tables. The thing that can be tampered with is the database as we've learned in the Access fiasco. (Fiddling with the binary program code will just cause it to crash most likely.)

BTW I'm a programmer.

Robus: If you're a programmer, I'm surprised you've never heard of Ken Thompson's compiler hack.

This is my point. If you can't guarantee security at each point of the toolchain, from source through pre-processor, compiler, linker, system libraries and operating-system kernel, and guarantee that the resultant object code is the result of the compilation of the code that is audited, then the open-source nature of the code just makes it a) harder to fiddle, not impossible and b) gives a false sense of security.

BTW, I'm a programmer.

But there will be nothing in the software saying

if (Democrat) {
// do something
}

which could be swizzled by a hacked compiler. So I think you're barking up the wrong tree here. Or perhaps you're suggesting that votes could be just randomly assigned - which might be possible but not very productive! Perhaps we need to agree to disagree?

You produce two codebases. You install one in predominately Democratic areas, that drops one in every 50 votes. You install the other in predominately Republican areas, that doesn't.

Now, of course, the first one will drop both GOP and Democratic votes, but it will drop a higher proportion of Dem votes.

Bingo.

Nick S has it right. Touch-screen machines should be used only to produce optical scan ballots that are double-checked by the voter before being deposited, not to do the actual counting. And yes, Billmon, you should be very concerned. As englishprofessor notes, whether the Republicans would try to steal the '04 election is not even a question. They will try; they are trying; and if we let them get away with it we will have only ourselves to blame. This is well beyond the theoretical.

When votes are counted there is an observer from each party present to prevent tampering. Is there an analogue of this for computer voting?

One way to do it would be to give a representative of each party access to the code in some way. there would have to be some barrier to direct alteration of code, and safeguards that it can't be changed after it has been checked.

Keith - good point! I wasn't thinking laterally enough. Now where's my pencil! ;-)

A few comments...

Keith - Have you looked at the Australian system? They even let you download the software directly from the site. I do, however, concede that a paper ballot would still make me more comfortable.

Insomnia - You'll have to check with your local office of the registrar to find out if this'll help. I know that mine uses the (much more reliable and unhackable) optical scan machines. I will definitely be voting absentee in the next election.

Eli Stevens - Just as a side note, Diebold says that their sourcecode is in excess of - wait for it - 200,000 lines long! No wonder they want to protect it, its so full of filler and fuzz that it'd show their utter incompetence in the area of programming if the source was actually shown to the public. Not to mention that the holes buried in the filler would be glaringly apparent to any of the more computer savvy people out there.

I've written to Tim O'Reilly (a prominent open source advocate) on this to see if he will support it - it would be a wonderful application of that process!

Robus - Again, take a look at the code found at the site linked to above. Its the Australian code, its based on Linux, and its open source. The system has an error rate on the level of the optical scanning equipment in this country - which is the most accurate and secure system currently in use.

P mac - this is no 'tin-foil-hat' issue. It is a real, dangerous infringement upon the most fundamental right we have in this country.

To All: I suggest you read this article for an informative and entertaining look at this problem. Ben Tripp does an excellent job writing, entertaining, and horrifying anyone who wants to know more about electronic voting systems.

As a programmer, let me provide some support for the tinfoil hat crowd. If the voting machine doesn't produce a paper trail, don't trust it. If the paper trail isn't randomly audited after every election (pick N districts, count by hand), don't trust it. If you verify enough machines at random, you don't need to care about the inner workings.

The technology in the Diebold machines sounds--by all accounts--like something I wouldn't personally trust to run an online comments forum, and it's sold by partisan hacks. Anybody that trusts their country to this equipment deserves what they get.

We all lost our votes in 2002. Remember the huge Repug sweeps last November - and W didn't gloat!
Check out aacaw.org/20030806news.htm
Sorry, I don't know how to post cool like you all do.

I just happen to have the e-mail address of a reporter at the local fish-wrapper; I forwarded a link to the Independent story to him. My county just purchased ES&S optical scan machines, and I really think this needs to be looked into.

Billmon,

One needn't go into tin-foil territory to be profoudnly disturbed by all this. If nothing else, we know that we can count on corporate mismanagement and incompetence, and that's simply unacceptable when it comes to our VOTES.

Also, the extreme resistance in the industry to having ANY SORT OF AN AUDITABLE paper trail makes recounting a troubled election IMPOSSIBLE. In other words, it's their word aagainst ours, and since they own the means, they determine the outcome... whether or not there is any malfeasance.

You are also very justified in your abhorrence of the statewide voter rolls. It's Floriduh on a national scale.

In this issue, all the Thugs really need to do is throw the electoral system into chaos, and their judges will do the rest. Since it's already been done, there's no reason to think it won't happen again....

Another programmer weighs in...

[1] I can't think of a single good excuse to do away with an auditable paper trail.

[2] Shouldn't the FEC require these machines to be at least as well-certified as the slot machines in Vegas? Check out this article.

Cong. Rush Holt (D-NJ) introduced H.R. 2239 to require a paper trail in voting. Ask your representatives to join the 45 cosponsors. This is such a common-sense measure for such a rock-basic element of democracy that I'm hard pressed to see how any member of Congress could oppose it if put on the spot. Please help put them there.

Has anyone seen evidence or even hints of an electronic intervention outside the voting precincts as it is sent to the tally HQ ? Someone has rased this as a problem via radio, or outside modums, but most of the debate is about the software and trojan hourses, and back doors. I recall someone mentioned that when George Sr. was running in New Hamp. that Sunnunu was a electronic engineer and there was talk that Bush made a phone call with some code words and mumbers and the election was maybe turned around in his favor...Look forward to some discussion on this issue. Dems in Wichita have had some weird results in elections.

Has anyone seen evidence or even hints of an electronic intervention outside the voting precincts as it is sent to the tally HQ ? Someone has rased this as a problem via radio, or outside modums, but most of the debate is about the software and trojan hourses, and back doors. I recall someone mentioned that when George Sr. was running in New Hamp. that Sunnunu was a electronic engineer and there was talk that Bush made a phone call with some code words and mumbers and the election was maybe turned around in his favor...Look forward to some discussion on this issue. Dems in Wichita have had some weird results in elections.