Diebold Gets Free Passes In Both California And North Carolina?

from the how-nice dept

The continuing saga of e-voting machine maker Diebold is incredibly odd. It seems fairly self-evident to just about anyone that in order to have a free and fair election, any equipment used in such an election should be open to scrutinization to make sure there are no problems with it. Also, it makes sense that any such system should have a backup -- because we all know that computers run into problems. It's never been at all clear why Diebold has resisted -- but what's scarier is that politicians seem to let them slide by each and every time, no matter how many times evidence of problems with the machines are presented. We've been following two separate Diebold stories over the past couple of weeks, one in California and one in North Carolina -- and there's more news on each right now. In North Carolina, remember, Diebold was accused of skirting new election law that required companies to submit the source code of their systems in escrow so that it could be examined. Diebold asked to be exempt from that law. However, they were sued over it and a judge said the law is the law and Diebold must obey -- to which Diebold said it might no longer bid to process elections in the state. So, what happens today? According to the EFF, the North Carolina Board of Elections certified Diebold's equipment anyway -- even though they did not obey election law and did not submit the source code.

Meanwhile, it looks like Diebold is similarly getting preferential treatment in California as well. In this case, the Secretary of State originally invited some e-voting reform advocates to hack the Diebold machines. As we stated at the time, there are problems with this (putting the burden of proof on the hackers, rather than Diebold), but at least it suggested that the Secretary of State understood there were problems facing electronic voting. However, having invited and confirmed that the group would be a part of this hack test, the Secretary of State proceeded to stop responding to emails and then deny that the event was happening when he had promised. He later made vague statements about maybe doing a test sometime in the future. However, according to another site, instead of holding this hack test, it looks like the Secretary of State held a special summit on e-voting that apparently shut out many e-voting reform advocates, while stocking many panels with only supporters of existing e-voting machines. It sounds like a few reform advocates, such as Avi Rubin did attend -- so it wasn't entirely one-sided. However, it looks like the discussions were geared more towards listening to what the e-voting machine makers had to say, rather than what the reform advocates had to say. Reform advocates who tried to register were turned down, even though seats tickets were available. The thing that's still the strangest of all about this is that it's in the e-voting companies' best interests to go out and prove that their systems are safe and secure. If they actually did that, there wouldn't be any problems. It's the fact that they keep hiding stuff that makes everyone question what is going on -- and yet our politicians give them a pass each and every time. Update: On this California story, it was clear that the only report we saw was one sided -- put forth by those who were unable to attend. However, Joe Hall, who did attend, points out that the summit was much more balanced than the initial report suggested, and he felt that the important issues were raised. That's good news.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Thomas, Dec 1st, 2005 @ 5:26pm

    No Subject Given

    This kind of crap kind of makes you wonder who's pulling the strings on the guys pulling the strings on the board of directors of Diebold.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Jeremy Dinsel, Dec 1st, 2005 @ 5:53pm

    More information. It'll make it hard to sleep at n


    This related document sheds some light on what's going on. The run away train that is forcing us all over to e-voting machines is the most frightening phenomenom in our political structure.
    http://davidbrin.blogspot.com/2005/11/pertinent-reminder-of-how-stark-it-all.html

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Dave, Dec 1st, 2005 @ 7:25pm

    Corruption reigns supreme

    That's pretty grim. Still, it's pretty common knowledge that Diebold has been doling out money to the Republican party for a long time. I'm shocked, shocked to see that they're getting preferential treatment.

    I wouldn't be all that surprised if they're also greasing the palms of Democrats; corrupt individuals and companies frequently hedge their bets this way.

    Incompetent, unwilling to fix their sucky systems, and unwilling to submit to any scrutiny! All right Diebold!

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous, Dec 1st, 2005 @ 8:31pm

    Wake up America

    Wake up America. You are probably asking yourself two questions:
    "How did things get so bad in this country?"
    and
    "Why has there been relatively NOTHING about Diebold's antics in the main stream media?"

    Those are easy questions!

    Things have always been this bad; the Internet just makes it easier to circumvent the editorial decisions of media elitists who think they know what people want to hear. And this story isn't in the mainstream media for exactly that reason: editors don't think people care.

    Twenty years ago, you had to rely on a TV network, periodical, or newspaper to expose corruption. Think of all the crap that slipped through the cracks because of limited column inches, 30 minute news broadcasts, and a relatively tiny group of editors.

    Diebold is just one of those easily ignored stories. It's not flashy enough. And saying "elections are rigged!" is a painful "no duh!" message to 50% of the voters, and a "conspiracy theory" to the other 50%. In other words, you'll more likely see a story on CNN about a Britney Spears sex tape than Diebold rigging elections in Ohio.

    It's 2005, and all of us can be editors and publishers on the Internet. That's why this stuff is so offensive and shocking to us -- because it is suddenly so visible how we are being hurded like sheep.

    The question is: will we revolt?

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Dec 1st, 2005 @ 8:58pm

    Re: Wake up America

    "a Britney Spears sex tape"

    Link please ;)

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Bartikus, Dec 1st, 2005 @ 11:14pm

    Re: Wake up America

    I can't wait to see that tape either!

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Sephira Everliss, Dec 2nd, 2005 @ 12:03am

    Re: Wake up America

    You do of course realize that it is that kinda of attitude that is making the US circle the drain in the first place. Mainstream media knows what everybody cares about, and it clearly isn't the future of our country or anyone else's. We've become arrogant hedonists. The internet has become our wake up call of sorts. But everyone has to listen for it to make any kind of difference.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Andrew Strasser, Dec 2nd, 2005 @ 1:12am

    Re: Wake up America

    Literally no longer the "Almanac of the Dead" holding all of our countries hidden truths as we begin to unravel their intricate cover-ups. the one thing you must keep in mind though. Touch the Illuminati or Bones... too much and ya may learn something. Don't bother posting it though because as with voting machines they can remove anything they like from just about anywhere. I have found South Korean servers don't lose posts though...

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Stephen Tillman, Dec 2nd, 2005 @ 5:53am

    No Subject Given

    Great... Just what we needed. A legitimate reason to not vote. I've always held the opinion and view that voting really doesn't matter. Now I have even more reason to feel that way.
    If word gets out (which it seems to be doing) we're going to see another slump (hopefully a major one) in voting turnout.
    While this kind of boycott may, at first, seem to be the thing needed to shake this problem loose... there's one major flaw with it. If no one goes out to vote because they don't think that the voting system is safe, or if they don't because they are protesting... the only votes that will be counted are the ones that are purchased by the politicians. Not good. Then again, maybe that was the idea to begin with.
    Crap... I'm slipping on my tinfoil hat again. Sorry about that.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Bits, Dec 2nd, 2005 @ 6:43am

    Who do you think GOT these people in?

    Why would politicians want to challenge a system that got them into office in the first place (and is likely to keep them in)?

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    dan, Dec 2nd, 2005 @ 6:54am

    No Subject Given

    Luckily the county I live in (Geauga, Ohio; about 1 hour north of Diebold HQ), has not swictched to electronic systems. Hopefully, I am on the county seat by the time it happens, so that I can raise a holy hell. I will not vote on one of these machines until the source code can be scrutinized by independant parties, and I will make this know.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Stephen Tillman, Dec 2nd, 2005 @ 9:22am

    Re: Who do you think GOT these people in?

    Increased control. again... this is all based on my tinfoil-hat-like thought that the purpose of allowing publicly-doubted machines into the voting system is to scare away as many voters as possible.
    It's easier to control a smaller group of voters and it'll cost a lot less to buy them off. Again, it's all just a supposition that fits the facts, but has no supporting evidence.
    In the flavor of Occam's Razor, the easier and more likely explanation is that the whole political system consists of freakin' morons who just don't comprehend what they're doing with these machines. Meh.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Haggie, Dec 2nd, 2005 @ 11:38am

    No Subject Given

    40+% of eligible voters do not vote in national elections. That shows me that a substantial portion of our citizenship has little or no interest in who runs our country, so rigging or fixing of elections is really a non-issue.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Stephen Tillman, Dec 2nd, 2005 @ 2:16pm

    Re: No Subject Given

    Haggie:
    It's not that people have no interest in who's running the country; it's that people are disillusioned about whether or not their vote matters.
    I was always hesitant about that myself, until I found out that the Electoral Colleges are NOT required casting their state votes in accordance to the majority vote of that state's voters. (In fact, there was one year where the DC Electoral College abstained as a protest). So the truth is that your vote only matters if your vote agrees with what the Electoral College feels they should vote (or, if you believe some, who's lining their pockets).
    Add to that all of the controversies surrounding things like Florida's (yes, I'm a Floridian) inability to properly vote, this Diebold thing, politicians campaigning one thing and actually doing another in policy, all of the bi-partisan BS... it's no wonder why no one believes in the system anymore. We've seen time and time again where it doesn't work.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Joe, Dec 2nd, 2005 @ 3:30pm

    This post is not factually correct...

    Things have been understandibly confused lately so I can understand how techdirt -- normally of high-caliber -- might get things wrong. Here are a few corrections:
    * The initial date for the Diebold hack attempt was a target date and, like many things, was subject to change pending negotiation with the researcher in question and the vendor.
    * The SoS's Voting System Testing Summit had been planned for this past Monday and Tuesday for many months ahead of time and was in no way a replacement for the hack test. I was there as were a slew of academics (Avi Rubin, David Dill, Mike Shamos, Michael Alvarez) and activists (Kim Alexander, Jerry Berkman and others).
    * "stocking panels" was not what happened. There were specific panels for specific subjects. There was a panel to represent the state election officials, the testing authorities (of which only one showed up), the vendors, the academics, etc.
    * The event was invite-only as it was a working event tailored to bring many perspectives to bear on a hard issue. It would have been great to have anyone attend... but, you can imagine that would have changed greatly the environment and people's willingness to come together and collaborate on reforming the system. I can assure you that the activist perspective was represented... maybe not the shrill, kill-them-all perspective, but definitely the "how do we move forward" perspective. (the event was recorded and will likely be up on the SoS's web site eventually)
    * The post says, "However, it looks like the discussions were geared more towards listening to what the e-voting machine makers had to say, rather than what the reform advocates had to say." This is absolutely false. Out of 1.5 days, 1 hour was devoted to vendors and then we're lucky they came to answer our questions and we did give them tough ones.
    * The mood was sooooo not "everything's OK." It was much more about how poor the current testing and certification system is in general and how many flaws get through either undetected or unfixed.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    eskayp, Dec 2nd, 2005 @ 11:26pm

    Re: This post is not factually correct...

    Joe: -- Please don't confuse us with the facts!
    Tillman's tinfoil topper can only cover a limited amount of truth.
    Or is Joe actually a Diebold shill? Hmmm.
    Mike: -- Mod this up and give + karma.
    Oops, sorry -- wrong forum!
    ( slinking offstage left, into the shadows, to lurk some more )

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Mike (profile), Dec 3rd, 2005 @ 1:14pm

    Re: This post is not factually correct...

    eskayp, well before you posted, I had already added Joe's comments to the post...

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    eskayp, Dec 3rd, 2005 @ 1:43pm

    Re: This post is not factually correct...

    Mike: We appreciate your efforts, or we wouldn't be here.
    It's refreshing when a litle humor and panache (Tillman) accompany a discussion on dead-serious topics like trustworthy elections.
    Joe's account of the situation added a firsthand perspective and eased some of the speculation.
    I wish more US citizens were aware -- and cared.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Arlene Montemarano, Jan 4th, 2006 @ 7:10pm

    PROBLEM OF RIGGED ELECTIONS NOT TAKEN SERIOUSLY EN

    Imagine this: A Trojan Horse unleashes thousands of illegitimate votes and disappears without a trace, election commissioners bypass laws, uninvestigated computer glitches and easily picked locks in voting systems, no federal oversight holding e-voting vendors accountable—yes folks, elections can be stolen.
    Since the 2000 Presidential election, problems stemming from the use of electronic voting machines have called into question the foundation of American democracy—the US voting system. At the forefront of concerns are security issues surrounding the use of Direct Recording Electronics [DREs], better known as touch screen computer voting machines, and their lack of a paper trail in the form of an auditable paper ballot. Widely reported irregularities from voting districts around the US have alarmed many and opened claims of stolen elections. Some even doubt the legitimacy of the outcome of recent US elections. A team of top computer scientists has been working diligently to resolve the many underlying design problems in the e-voting system that leave it open to cheating. Stalled by the federal government, and with doubts about e-voting continuing to spread, these scientists have instead turned to state governments and the National Science Foundation for help.

    "Maryland, where I live, uses Diebold DREs, which are an ideal opportunity for cheating," said Dr. Avi Rubin, Technical Director, Information Security Institute, Johns Hopkins University. "In fact, you couldn't come up with a better opportunity for cheating. There's no ability to audit or recount, and the entire process takes place inside the computer, which is not transparent."

    In May 2004, Rubin co-authored an analysis of electronic voting systems, raising concerns about lack of security, for the Institute of Electrical and Electronics Engineers (IEEE), the world's largest professional organization for technical standards. He also served in 2004 as a poll worker and election judge in Baltimore County, Maryland, where he lives. These and other experiences have only served to raise his concerns about the possibility for cheating via the use of electronic voting machines.

    Efforts to Secure E-voting Stalled
    Apprehension about the lack of security in Diebold's DREs and other touch screen computer voting machines spurred David Dill, a Stanford University computer science professor, to establish the Verified Voting Foundation in November 2004. According to Dill, when federal legislators tried to create a law that would address e-voting security problems, it was "blocked by a committee chairman, so we focused on state legislation."

    Since then, the group has been advising states on e-voting security problems and the need, at a bare minimum, for a verified voting paper audit trail.

    Earlier this year, Congressman Rush Holt (D-NJ) submitted a bill, The Voter Confidence and Increased Accessibility Act of 2005 (HR 550), to the House Administration Committee. The bill requires a paper audit trail at the federal level. But Holt has not been able to get the chairman of the committee, Congressman Robert Ney (R-OH), to schedule a hearing on it all year long.

    "Congressman Ney will not schedule a hearing on the bill, so it remains in limbo," confirmed Pat Eddington, Holt's press secretary.

    Even the bi-partisan federal Carter-Baker Commission Report could not nudge Ney. Set up to review the entire electoral process and co-chaired by former president Jimmy Carter and former Secretary of State James Baker, the report strongly endorses the need for a paper audit trail. (Congressman Ney's office did not return repeated calls.)

    In lieu of the refusal of some at the federal level of government to address the issues surrounding the legitimacy of electronic voting procedures and work toward safeguarding American elections, Verified Voting turned to state governments. Since its founding, Verified Voting has helped 26 states establish state legislation that requires a paper audit trail in e-voting machines, and 14 states have requirements pending, according to verifiedvoting.org.

    However, paper receipts only begin to address the complexity of electronic voting problems. The most serious concern among computer scientists studying the problems is the "Trojan Horse," a computer code that can be programmed to hide inside voting software, emerge in less than one second to change an election, then destroy itself immediately afterwards, going undetected.

    "Anyone who has access to the software—an insider—could easily insert a Trojan Horse into the software," said Barbara Simons, a past president of the Association for Computing Machinery and a retired IBM researcher who is co-authoring a book on the risks of computerized voting. The problem is that the Trojan Horse cannot be detected unless the software is inspected continuously—as in every second—for its presence.

    No Oversight of E-voting Legitimacy
    Three-voting vendors—Diebold, Election Systems and Software (ESS), and Sequoia—dominate the market. Since e-voting is unprecedented in the history of elections and law tends to lag behind technology development, there is no federal oversight body holding these companies accountable for the security and reliability of their electronic voting systems. Their machines are supposedly tested by independent testing authorities. "But it turns out that the vendors pay the independent testing authorities and the vendors keep the results confidential," said Simons. "So you have a huge conflict of interest right there."

    In addition, said Simons, "There is no requirement to make any problems public or even to reveal them to election officials because this information is proprietary for the vendors. Also, the testers are only required to test for things on a list and aren't required to test for things that aren't on the list. If you are going to subvert software, you are not going to do something that will be found by a checklist. So it's easy to insert a Trojan Horse into the software because the testing won't find it. And even if they did find it, there are no requirements to report it." Vendors are the ones who decide what goes on the list and what doesn't.

    The privatization of the US voting process means the public lacks access to, or the ability to inspect, election software, as well as information about or even the names of the computer programmers who created it. Private companies and e-voting vendors flatly state that their election systems must be kept confidential as exclusive property right products, and therefore refuse to release their software source code for inspection by independent third parties. They claim that to do so would violate their right to copyright secrecy and would open the door to rivals who could steal their products. But some wonder what else vendors might be trying to hide. For instance, according to information reported on www.blackboxvoting.org, a non-partisan, nonprofit consumer protection group that is conducting fraud audits on the 2004 elections, Diebold, one of the e-voting vendors, hired ex-felons, who were convicted in Canada of computer fraud, to program election systems software.

    "I don't want to malign ex-felons," said Simons, "but you want to know the names of the people who are programming the machines that will be recording and counting our votes." On the other hand, it is not uncommon for major companies to hire, as programmers, former hackers who have proven themselves to be advanced enough to hack into even the most sophisticated and safeguarded systems. In some cases, to successfully gain entry into an ultra-secured system can guarantee a hacker a job.

    E-voting machine companies like Diebold are, in essence, funded to the tune of $3.9 billion by a 2002 federal law, entitled the Help America Vote Act (HAVA) which appropriates these funds as only an initial amount to the states to purchase e-voting for all national elections. States are required to phase out punch-card ballots and other systems that seemingly were problematic in the 2002 presidential election in Florida and to standardize on electronic voting systems for national elections by January 1, 2006. The problem is that this does not give the states enough time to deal with the complexity of electronic voting systems. And HAVA does not require e-voting companies to provide the kind of good security in those systems that would prevent chances of cheating.

    Concerns about the many anomalies in the November 2004 election and about the gross lack of security in touch screen computer voting machines, spurred Dr. Rubin to apply for funding from the National Science Foundation to research solutions to the problems. In August 2005, the NSF's Cyber Trust program responded by awarding Rubin and his team of computer science researchers $7.5 million to investigate ways to build trustworthy e-voting systems. Rubin is now the director of the NSF project ACCURATE (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections). ACCURATE involves six institutions that will collaborate to investigate how public policy and technology can safeguard e-voting nationwide.

    "The NSF recognized that this is a problem of tremendous significance to the country," said Rubin. "It's a deep-rooted, scientific problem."

    The funded researchers are Prof. Avi Rubin, Drs. Drew Dean and Peter Neumann of SRI International; Prof. Doug Jones of the University of Iowa; Profs. Dan Wallach and Michael Byrne of Rice University; Profs. Deirdre Mulligan and David Wagner of the University of California at Berkeley; and Profs. Dan Boneh and David Dill at Stanford University, along with numerous affiliates.

    However, scientists and academics can only partly address the complexity of e-voting problems, leaving many of the battles to be fought at the state legislative level.

    Bypassing the Law
    One especially salient example (as recorded on www.verifiedvoting.org), shows that in response to numerous and varied voting system malfunctions that occurred in the November 2004 elections, North Carolina passed tougher requirements for election systems in its Public Confidence in Elections Act in early 2005. Under the new law, manufacturers must place in escrow the source code, the blueprint that runs the software, and "all software that is relevant to functionality, setup, configuration, and operation of the voting system" as well as a list of all computer programmers responsible for creating the software.

    However, implementation of this law has been stymied by an interesting turn of events fueling the belief of some e-voting critics that Board of Election officials are too partisan for a job that requires objectivity, or who feel that election commissioners have relationships with e-voting vendors that seem far too cozy. The events in North Carolina involve Diebold—the e-voting vendor whose bid was selected by North Carolina's Board of Elections—and the very same Board of Elections.

    Diebold responded to the new requirements by asking to be exempt from them, but a North Carolina Superior Court judge refused to grant the exemption. After losing in court, Diebold withdrew from their bid to provide elections systems in November 2005. However, in a surprising turnaround in December 2005, the North Carolina Board of Elections certified Diebold Elections Systems to sell electronic voting equipment in the state, despite Diebold's admissions that it could not comply with the state's election law.

    The Board was able to do so because its election commissioners—not judges or computer science experts—are the ones who have the ultimate authority to certify election systems in the state. Instead of rejecting the vendor's applications and issuing a new call for bids that complied with the law, the Board of Elections certified all of the vendors' systems. The Electronic Frontier Foundation (EEF), a nonprofit consumer advocacy group of technologists and lawyers formed in 1990 to protect digital rights in our increasingly networked world, took issue with the North Carolina Board of Elections, which certified the three elections systems companies: Diebold, Election Systems and Software, and Sequoia Voting Systems. Citing the Board's action as an example of election commissioners having too much authority, Keith Long, EFF advisor to the Board, who was formerly employed by both Diebold and Sequoia, stated that none of the vendors meet the statutory requirement to place their system code in escrow.

    "The Board of Elections has simply flouted the law," said EFF staff attorney Matt Zimmerman in a release he issued on December 2, 2005. "In August, the state passed new rules that were designed to ensure transparency in the election process and the Board simply decided to take it upon itself to overrule the legislature. The Board's job is to protect voters, not corporations who want to obtain multi-million dollar contracts with the state."

    An ESS spokeswoman stated that ESS computer systems are secure, owing to a back-up system. However, as Simons pointed out, that does not address the problem. "If the machine doesn't record the votes correctly to begin with, it does not matter how many copies of that original incorrect recording you have." ESS' spokeswoman countered by assuring that the company's systems are accurate.

    How New York Measures Up
    New York State amended its Election Reform and Modernization Act of 2005 to include a provision for escrow requirements, which all election systems vendors must comply with in order to have an e-voting system certified in the state. The provision requires programming, source code, and voting machine software to be placed in escrow with the state Board of Elections, and requires the election systems vendors to waive all rights to assert intellectual property or trade secret rights. The amendment also requires that elections systems be tested by independent experts under court supervision.

    Putting software source code in escrow provides an opportunity to inspect the code when there are anomalies in the election. It is already difficult to track down malicious code like a Trojan Horse; however, as researcher Simons pointed out, "there's no chance you will find it if you can't look at it."

    New York also passed a series of bills, including a voter verified paper trail requirement that is an addition to HAVA, since the federal law does not require it.

    But New York's election law omits the requirement to turn over the names of all computer programmers who are responsible for creating the software code. Since programmers are the ones who would be able to create and insert a Trojan Horse code, they are the ones who could ultimately rig a national election. If you don't know who the programmers are, you can't find out who created the problem, or who asked them to do it. Not to mention that a Trojan Horse program is set up to erase evidence of itself once it has done its job.

    "Having the software source code doesn't guarantee that you will detect critical software bugs or malicious code," said Simons. "Anyone with access to the election software of a major voting machine vendor can change the outcome of a national election and determine which party will control Congress. Election fraud can now be committed on a national, not just a local, basis."

    Yes Folks, the Election Can Be Stolen
    With the old lever machine method of voting, election fraud could only be committed on a local, or possibly a regional basis without high risk of getting caught. But now it would take only one well-placed programmer creating malicious code to rig a national election. "How do you know what software is running on Election Day?" asked Simons. "You could easily add a last-minute software patch to do something on Election Day, [and that would] then immediately erase itself."

    Software bugs can also be programmed undetected. "Buggy software is an important problem in computer security," said Stanford University's Dill. "A huge number of problems we have are due to computer software buffer overflows, which overwrite computer functions to get control of the machine." Computer buffer overflows are a standard way for Trojan Horses to take control of a computer and make changes to it, while leaving no evidence behind.

    The GAO report concluded that national initiatives to improve voting systems lack plans for implementation or are not expected to be completed until after the 2006 election, stating: "Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, operated, or managed in accordance with rigorous security and reliability standards."
    Reiterating the reality that there is no such thing as software without bugs, Dill explains, "Eliminating bugs from programs has been an unsolved problem since computers were invented. The problem grows harder every year, as the systems get more complicated. Anyone who says they can generate large software without bugs is not telling the truth. We don't know yet how to make computer programs perfectly secure. That is why you always have to have independent reliable ways to check the results. The election can be stolen, nobody can tell, and it's easy to do."

    Another opportunity for election fraud is in software patches, which are the routine fixes to software bugs that work the same way a repair patch is put on a flat tire. A programmer can deliver a patch to a bug that is an election rig instead of a fix and, again, it would not be detected unless it was inspected.

    "There's a tendency for people to regard computers as the epitome of accuracy," said Dill, highlighting the fact that the lack of security in the source code is fundamentally a human problem. "This is why computer scientists have gotten involved—because they understand the limitations of technology."

    Dill and other computer science professionals have been trying to educate people about the current, serious limitations of using computers for voting. "People just don't believe it when we say computer voting machines are insecure since they don't understand how deeply complicated software can be. Because these are computers, you need much more security with them than you do with old-fashioned paper-based systems," he explained.

    "The hardest people to convince are those who have signed multi-million dollar contracts to buy e-voting machines before they were made secure," added Dill, alluding to election officials who thought they were buying the latest, greatest technology in the DRE or touch screen machines and therefore later become defensive when computer scientists inform them that their purchase is unreliable and insecure. "They are understandably reluctant to admit that they made a mistake."

    And some complain that the January 1, 2006 HAVA standardization requirement, and the vagaries within the law that omit major areas of concern, has set unrealistic goals for election officials and backed them into a corner. Given the complexity of these machines, it can be argued that officials need more time for discovery and resolution to the problems.

    "If we find out after the purchase of these machines that they are not secure and Congress is given evidence that they are not secure, will they make a new set of regulations, which will cost X millions of dollars?" asked Lee Daghlian, public information officer of the NYS Board of Elections.

    Cozy Relationships and Huge Profits
    However, zooming in on the election commission business also reveals a close-knit community. As in the example mentioned earlier in which North Carolina's Board of Elections went ahead and certified Diebold systems despite the Superior Court judge's ruling, many see the close relationships between election commissioners and election systems vendors as overstepping certain ethical boundary lines. Huge profits are to be made by election-system vendors and they court election officials accordingly. "They wine them and dine them," said Dill. "Election officials have known the election systems vendors longer than they've known the computer scientists. And there's a revolving door. A good career path for an election official is to go work for a vendor."

    In October 2005, the General Accounting Office (GAO), the nonpartisan independent investigative arm of the federal government, issued an illuminating report that raised a multitude of concerns about electronic voting security and reliability. The report found that cast ballots, ballot definition files in the voting software, memory cards, and computer audit files all could be modified. Election systems had easily picked locks and power switches that were exposed and unprotected.

    The GAO report showed that voting-machine vendors have weak security practices, including the failure to conduct background checks on programmers and system developers and a failure to establish clear chain-of-custody procedures for handling voting software. It also found that voting system failures have already occurred during elections, identifying a number of cases in California, for instance, where a county presented voters with an incorrect electronic ballot, which meant they could not vote in certain races. And in Pennsylvania, where a county made a ballot error on an electronic voting system that resulted in the county's undervote percentage—that is when a candidate is given fewer votes that he or she actually won—reaching 80 percent in some precincts. And in North Carolina, where electronic voting machines continued to accept votes after their memories were full, causing more than 4,000 votes to be lost.

    And these are only a few examples out of thousands that were reported but not investigated.

    In addition, the GAO discovered that standards for electronic voting adopted in 2002 by the Federal Election Commission contain vague and incomplete security provisions for commercial products and inadequate documentation requirements; and that tests currently performed by independent testing authorities and state and local election officials do not adequately assess electronic voting system security and reliability.

    The GAO report concluded that national initiatives to improve voting systems lack plans for implementation or are not expected to be completed until after the 2006 election, stating: "Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, operated, or managed in accordance with rigorous security and reliability standards—potentially affecting the reliability of future elections and voter confidence in the accuracy of the vote count."

    In response to the release of the GAO report, members of the House Committee on Government Reform issued a statement that highlighted a long list of voting system vulnerabilities, also reported by Dill's Verified Voting Foundation. But the reality behind the GAO laundry list is that electronic election systems are grossly inadequate and that vendors are not being held accountable by election commissioners to provide security in their election systems or, as in the case of the North Carolina Board of Elections, even to comply with the law.

    Not to mention, "They have none of the security levels that computer scientists have been asking for," added Simons.

    If election systems vendors are not required both by law and by state election commissioners to place their software source code in escrow, then voters will have no way of knowing whether the software contains malicious, election-rigging code or not.

    But as the technical director of Johns Hopkins' Information Security Institute, Dr. Avi Rubin believes it is only a matter of time before the vendors are forced by legislators to give it up. "I think they will be forced by law to share their source code. But they will do it kicking and screaming."

    Despite the steadfast work of the leading computer science experts and grassroots activists, it seems the problem of election rigging is still not taken seriously enough. That means it is still easy to rig an election via e-voting in the United States, and it will continue to be easy until election fraud is considered a priority.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Arlene Montemarano, Jan 10th, 2006 @ 8:17am

    Re: PROBLEM OF RIGGED ELECTIONS NOT TAKEN SERIOUSL

    The article above, THE PROBLEM OF ELECTION RIGGING NOT TAKEN SERIOUSLY ENOUGH, submitted by me, was missing the following link: http://www.chronogram.com/issue/2006/01/news/
    the author of this fine piece is Cheryl Gerber.
    I regret the error.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jan 15th, 2006 @ 4:41am

    Re: PROBLEM OF RIGGED ELECTIONS NOT TAKEN SERIOUSL

    On the previous article the following link was inadvertently left off:
    ==
    The author of the article is Cheryl Gerber.
    I apologize for the error.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This