How Can You Test An E-Voting Machine For Malfunctions If You Don't Get To Test The Machine?

from the just-wondering dept

Now that Florida's governor has admitted that e-voting machines without a paper trail are not such a good idea (though, the optical scan machines he wants to replace them with have their own problems), you would think that Florida would be all for a thorough investigation into the problems of the old machines. Perhaps not. Remember Sarasota, where a bunch of votes appear to have gone missing? In the lawsuit over this, the judge denied the request to see the e-voting software source code, saying there needed to be more evidence that the machines malfunctioned first. At the same time, however, the Department of State in Florida has been trying to commission an "independent" study of the e-voting software, and even spoke to Ed Felten about joining the team. He's listed as one of the investigators, though he actually declined to take part. Why? Well, it turns out that they want the investigation to take place without actually letting the experts view the working software or the e-voting machines. Instead, it only wants to give them the source code and let them comb through the source code alone to try to figure out where the malfunction could have occurred. It's great that at least some experts are finally getting a chance to look at the source code, but it makes you wonder why all of these e-voting security tests always have strict limitations on them. If they really wanted to know what the security vulnerabilities are, shouldn't they make the test much more complete?


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    _Jon, Feb 6th, 2007 @ 10:59am

    Geeze, that would be something to work in that industry eh? Write a piece of code, but not have it subjected to fully scrutiny and fully functionality testing.

    I could probably crank out a couple of new applications a month if I didn't have to show that all of the features worked and didn't have to worry about the customer being able to adequately test it after there was concern of a malfunction.

    ... only in the public sector ...

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Joshua, Feb 6th, 2007 @ 1:26pm

    If they really wanted to know what the security vulnerabilities are, shouldn't they make the test much more complete?

    The answer is that they don't want to know that there are security vulnerabilities. They just want to get people off their backs for picking bad systems.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Jo, Feb 6th, 2007 @ 3:21pm

    Don't talk about something you don't understand

    Voting software is subject to intense scrutiny and testing. To be deployed, the software and machines must pass intense federal certification including source code reviews and functionality testing. Then, they must pass state testing, in each state the software is used. The practice of letting everyone and anyone test this again is stupid. Why hand this stuff over to all of you conspiracy hackers when it's already been fully qualified by federal authorities?

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Mike (profile), Feb 6th, 2007 @ 3:33pm

    Re: Don't talk about something you don't understan

    Voting software is subject to intense scrutiny and testing. To be deployed, the software and machines must pass intense federal certification including source code reviews and functionality testing.

    Uh huh. That's why the Federal Gov't just discovered that the companies they'd hired to do the testing hadn't actually been doing the testing. In other words, despite what you believe, no, the "intense scrutiny and testing" didn't happen.

    . The practice of letting everyone and anyone test this again is stupid. Why hand this stuff over to all of you conspiracy hackers when it's already been fully qualified by federal authorities?

    Ah, "conspiracy hackers," huh? Why *wouldn't* you want to hand it over to them. If they are unable to hack it, wouldn't you prove that the machines were really secure? What possible reason could there be not to let them try? And, again, the machines WERE NOT fully qualified by federal authorities. That's part of the problem.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Jo, Feb 6th, 2007 @ 3:40pm

    Re: Re: Don't talk about something you don't under

    Like I said, don't talk about something you don't understand. I don't just believe that these tests took place, I witnessed them and took part in them. These systems have been, and are, qualified.

    I wouldn't hand it over to someone like you because idiots like you have no understanding of the industry and have no comprehension of responsibility and accountability. You would publicize everything, share everything, and hand it over to other irresponsible and ignorant people like yourself.

    Get a clue and just admit that all you know about this is what you read on conspiracy blogs and you have no REAL understanding of this process.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    nedu, Feb 6th, 2007 @ 4:43pm

    Re: Re: Re: Don't talk about something you don't u

    [...] no comprehension of responsibility and accountability.

    Way back in the summer of 2004, there was a story about an earlier iVotronic problem:

    [...]

    In a letter to Hood, Kaplan explained she did not publicly disclose the Suarez memo about Homestead because she sought to "strike a delicate balance between raising valid concerns ... and not necessarily alarming the public."

    Hood has sought to fend off criticism over the audit glitch by claiming that she did not know about it until it was reported in the Daily Business Review last month [May 2004].

    But on March 12 [...]

    Accountability? Responsibility?

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Joe T, Feb 6th, 2007 @ 6:15pm

    Re: Re: Re: Don't talk about something you don't u

    Since my products undergo Federal certification too (although they are encryption products, not voting machines), I think I can speak to the fact that not all federal certification is what it's cracked up to be. I'd be interested to know what, precisely, is tested on these machines. The individual military branches do penetration testing on our equipment following a standard test plan that isn't always appropriate for what our product exactly does, but that's all that is required. I'm not saying that my product (or yours, for that matter) is insecure, just that you can't hang your hat on Federal certification as a standard-bearer for security.

    In the information security world, as in the cryptography world, if you aren't willing to let any qualified party test your system for vulnerabilities, than you are presumed to have something to hide. As an example, RSA's RC4 encryption algorithm was not made available for public and cryptanalytic scrutiny - RSA would not permit it. After it's patent expired and people got a look at it, it was found to have all manner of weaknesses.

    When the integrity of the electoral process is at issue, nothing short of full scrutiny and disclosure can ever be acceptable. Security by obscurity, it is said, is no security at all.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    ScytheNoire, Feb 7th, 2007 @ 12:10am

    Jo

    I can see we have an industry insider here trying to cover their own butts.

    Truth is, eVoting machines have been proven to be insecure, just look on YouTube and you can find plenty of videos showing just how insecure and mishandled it is. It's the next great conspiracy. Any election with an eVoting machine will always be accused of being a fraud because of how insecure these machines are, how easily it is to fix an election with them, and because they won't be open about their machines and software. When someone is trying to hide something, there is usually a good reason why, and it's often not a good reason.

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Mike (profile), Feb 7th, 2007 @ 12:29am

    Re: Re: Re: Don't talk about something you don't u

    I don't just believe that these tests took place, I witnessed them and took part in them. These systems have been, and are, qualified.

    And, you explain the problems the machines have faced, how?

    And, you explain the decertification of the testers how?

    Whether or not you witnesses some tests, there were clearly problems with the testing process and the machines. I'm not quite sure how you can continue to deny either *fact* with a straight face.

    I wouldn't hand it over to someone like you because idiots like you have no understanding of the industry and have no comprehension of responsibility and accountability. You would publicize everything, share everything, and hand it over to other irresponsible and ignorant people like yourself.

    That's not an answer, it's an insult. I don't quite see how that should make me any more comfortable.

    And I'm curious how you define people like Ed Felten and Avi Ruben as "irresponsible and ignorant people." How are they ignorant and irresponsible?

    More importantly, you don't actually explain why letting anyone test these machines is a problem. You just say you don't like them and they wouldn't understand. That's not particularly compelling. If they're so awful, and they still can't crack the machines, then you've won them over. Where's the problem?

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Enrico Suarve, Feb 7th, 2007 @ 1:06am

    Re: Re: Re: Don't talk about something you don't u

    Wow - if there is one thing that is virtually guaranteed to bring out a supremely arrogant and offensive post, it's daring to question a Diebold machine

    How dare they? Do they not know we know best? Bastards...

    Basically you create machines which collate and record the average citizens only real involvement in the entire decision making process of their country. To not understand why, having lost their confidence they then want to be able to ask questions and see for themselves is amazing

    Any other company would lose its tender about now

    I have seen:

    *Machines with the same physical security as a mini-bar with keys so poor they can be successfully duplicated from a grainy photo
    *Mock elections supervised by senior election staff which demonstrated 'hands-off' vote rigging
    *Letters from senior members of Diebold, hinting at offers to vote rig
    *Testimonies from various members of the public who insist they hit one button on a screen but another appeared pressed
    *Paper trails (original and reprinted) from the same Diebold machine reporting on its results from the same election that do not match by a significant margin
    *Counties where Diebold machines have been thrown out by officials as there are significant concerns

    You already lost people's confidence a long time ago, abusing the law to withhold evidence over something as important as voting machine 'malfunctions' may not just be arrogant, it may even be treasonable. Or is that why the ass-covering is so extreme?

    As to your "we know best" re testing - great it passed your test, I assume you have reliable, documentable evidence that you are perfect and make no mistakes?

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Enrico Suarve, Feb 7th, 2007 @ 4:54am

    Re: Re: Re: Re: Don't talk about something you don

    My apologies - I had missed that these weren't Diebold machines

    Obviously the statements re the problems I have seen with the machines do not hold water in this case but I stand by my assertion that allowing valid representatives of concerned groups full disclosure is the only way forward

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    _Jon, Feb 7th, 2007 @ 5:48am

    Even though the other comments have dissed the disser, I'm going to pile on. Specifically, the "you wouldn't understand" part. What *isn't* there to understand? It's a frickin' *vote counting* machine! It *can't* be that complicated. In fact, for the people who read this site, it is as complicated as something we've probably designed & developed as an intern somewhere.

    And as far as what it does - the (relatively) uneducated people of Afghanistan used ballots that had *pictures*. No machines, no scanners, just ballots and people. It isn't that complicated.

    The voting process in any country *must* be transparent. That should have been a spec of the system when bids went out. In fact, if it were, I'm sure we wouldn't have seen these types of problems in the first place....

    /pilingOn

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Jo, Feb 7th, 2007 @ 12:41pm

    Re:

    First of all, the idiot that says vote counting isn't complicated is completely ignorant. Elections in the U.S. are more complicated and intricate than you could grasp. With all of the combinations of straight-party voting, pick-a-party, open, closed, and consolidated primaries, rank choice voting, candidate ballot rotations based on complicated algorithms, union rules, ADA compatibility, HAVA compliance, and all the little election rules made up in all of the little jurisdictions of the U.S., it requires very complicated and intelligent systems to accommodate. So no, you in particular, would not understand.

    The point people often miss, which is left off of the conspiracy blogs, is that all of these 'hacking' attempts that are requested are made to do so in some sort of vacuum. In some obscure room where a gang of hackers get together and try to penetrate the system with unlimited resources. In any election, paper or fully electronic, there are procedural and security measures taken that complement and supplement the security features of the system itself. This is in addition to internal and system-independent, pre- and post-election audit features. Even in a hand-count scenario, the election is nothing without procedural security measures in place.

    Obviously anyone could hack a hand-count if no one was watching them and no one placed any security and audit measures on the actual count. A similar situation applies to electronic voting systems. Of course I could rip the guts out of any machine and make it work differently if I'm given unrestricted access for extended periods of time. These election companies, in my experience, are more than happy to put the systems to the test in the proper environment. Show me one case where an actual, real-life, electronic election was proven to be hacked. You can't, because it hasn't happened. All of you will say that the hackers just cover up their tracks, but take it for what it's worth: with all of the security and audit features outside of the system itself, it is next to impossible. Add the security features of the actual system, and it is impossible.

    The other thing all of you forget is that the companies that make these machines are companies, not charities. The knowledge of elections these companies have gained over the years is their primary asset. They're happy to let people test the systems, but if access is completely unrestricted, who's to stop people from copying the system, and essentially the knowledge? Let alone taking the system out of the context of an actual election?

    The fear mongering movement has obviously worked on many of the people on this post, in addition to many people throughout the U.S. This is exactly what they want you to do, doubt a reliable system, so that you feel like your vote counts even less. The election companies don't have some hidden agenda, they want the same thing the American people want, a trusted system; that way people would buy more of them, it's business, and many people like those on this post just don't get it. You should be supporting these election companies because they have the same goals as you and I. It's the crazed power junkies that know if they spread this fear around, the average Joes out there like all of us will be less likely to vote on election day, and they will remain in power by making all of you feel democratically worthless, and creating your self-fulfilling prophecy. So far, it's worked on most everyone on this post.

    Elections throughout this country, and the systems they are conducted on, are extremely scrutinized and very reliable. It is the people in power that need to be scrutinized. I know my little opinion won't change your minds and ease all of your dark fears, but maybe it will make you think twice when you read your next 'conspiracy' blog....

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    Mike (profile), Feb 7th, 2007 @ 2:44pm

    Re: Re:

    Jo,

    I'm sorry, but you're not being convincing here. When you have no argument you fall back on insults. "Conspiracy blogs." Yet, you're talking about the work of some very widely respected computer science professors. How are they conspiracy blogs?

    The answer is that they're not.

    On the point about complications, again, you fall back on insults, rather than explanations. I understand pretty thoroughly all of the complicating factors you list out, and I still don't see how that's particularly complex. People (many people right here) code much more complicated systems all the time -- and aren't so worried about letting it be tested.

    The point people often miss, which is left off of the conspiracy blogs, is that all of these 'hacking' attempts that are requested are made to do so in some sort of vacuum.

    Again, you fail to state why that's a problem. If the hacking can only take place in a vaccuum, that's made clear as well. The problem is that many of the hacks explained also show that they are completely possible in real world environments. Isn't that a problem?


    Show me one case where an actual, real-life, electronic election was proven to be hacked. You can't, because it hasn't happened.

    Well, that's just the problem. Because no one's able to check these things and there's no clear audit trail, no one knows whether that's true or not. I could just ask you to give me actual real-life proof that a machine HAS NOT been hacked. Each question is equally useless. Neither has any bearing on whether or not security researchers should be allowed to examine the machines.

    with all of the security and audit features outside of the system itself, it is next to impossible

    Right, that's why Avi Rubin pointed out that the people at the polling place where he was an election judge ignored the security tape being removed. Yeah, next to impossible.

    The other thing all of you forget is that the companies that make these machines are companies, not charities.

    And the thing that YOU forget is that this is a national, democratic election. This isn't for the sake of helping these companies make a profit, it's for the sake of making sure the election is fair and honest.

    The election companies don't have some hidden agenda, they want the same thing the American people want, a trusted system; that way people would buy more of them, it's business, and many people like those on this post just don't get it.

    I'm sure they do what a fair and honest election. I believe that. What I don't understand is why they won't let the machines be tested by the researchers -- because that would help them prove beyond a reasonable doubt that the machines really are secure.

    Elections throughout this country, and the systems they are conducted on, are extremely scrutinized and very reliable.

    Yes, and how do you explain the various problems that have cropped up in live elections over the years?

    I know my little opinion won't change your minds and ease all of your dark fears, but maybe it will make you think twice when you read your next 'conspiracy' blog....

    It's not "dark fears" and it's not "conspiracy" thinking. We're just wondering what's wrong with letting some well known, well respected top computer security researchers test the machines?

    You haven't answered that question. You've just tried to insult everyone's intelligence by saying "we just don't understand." There are a lot of very smart people here. Try to explain it to us, and we'll understand.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    bits, Feb 7th, 2007 @ 5:09pm

    Hack the systems on election day

    It would be awful if all of the sudden all of the data becomes skewed when it is collected from the nodes, or if a group of people actually hack the systems to prove a point. It'd be voter fraud and probably a bad if anyone got caught. But what will it take for the government to care?

    Oh, a ficus plant could probably do a better job as a politician. and cost a lot less.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Jo, Feb 7th, 2007 @ 5:14pm

    Re: Re: Re:

    Read your original article, it was a judge that denied the request, not an election company.

    When requested to see the source code, the company was happy to do so.

    You can deny it all you want, but your conspiracy theory has skewed your perspective and now your thoughts are governed by your emotions; fear primarily. I don't say this to insult you; I say it to point out a serious pandemic that many people like yourself have been inflicted with. It’s the fear that the world is out to get you and that little evil monsters live inside the voting machines. You (and I only use you as an example, I actually think you’re intelligent and well written) have been duped by the dupers and they have won, and as a result, they sell ads, books, tv spots, and get voted in to office by leaving the doubters at home on election day. They have made even some of the smartest people doubt these machines, not because they have failed the people, but because it benefits those in power for you to doubt them; it keeps them in office or it makes them money because you continue to contribute hits to their websites and buy their books. The companies have always complied with legitimate requests to test and inspect the software. They handed over their source code for review on multiple occasions and have never denied the request of any U.S. government authority to review the code or test the equipment.

    I am not trying to insult anyone; I am pinpointing the real problem, which is this fear that has skewed the thoughts of the public. This string of comments is a prime example. Reread the original article, the government blocked the review, the company complied, the companies always comply when the request is legitimate, but that never makes the headlines or the blogs that you read, if it did, you’d stop reading them and the blogs wouldn’t be able to sell ads and books would collect dust on the shelves. The companies own the code, and can not be made to decipher between private requests to legitimately test the system and those who want to test it so they can write books, sell ads on their websites, make HBO specials, define their otherwise obsolescent career, or achieve relative fame; all by spreading fear. So the companies will always comply when requested by the authorities, but can not comply when requested by individual groups of fear mongering profiteers whose end-game is to twist the truth and damage the company and democracy even further.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Mike (profile), Feb 7th, 2007 @ 6:44pm

    Re: Re: Re: Re:

    When requested to see the source code, the company was happy to do so.

    You have some proof on that? Every time they've been asked, they've denied very publicly. Do you have some public info that shows they're willing to supply it?

    You can deny it all you want, but your conspiracy theory has skewed your perspective and now your thoughts are governed by your emotions

    Can you explain what "conspiracy theory" you think I have? I don't have one. I have stated repeatedly that I don't think the e-voting companies have done anything malicious. I just think that they haven't done a very good job convincing people their machines are safe.

    How is that a conspiracy theory? It's an opinion, but one that I back up with an awful lot of evidence. So far, your evidence has been "you guys are too ignorant to understand."

    You also, I note, refuse to explain how Ed Felten and Avi Rubin are conspiracy theorists, rather than well respected professors at top universities. Every time you ignore that question, it makes you look worse, by the way.

    The companies have always complied with legitimate requests to test and inspect the software. They handed over their source code for review on multiple occasions and have never denied the request of any U.S. government authority to review the code or test the equipment.

    This is provably false. You may believe it's true, but explain what happened in North Carolina? Diebold was asked for their source code and refused.

    At the same time, you sneak in that extra "request of any U.S. government authority" but fail to note that the testing on those machines by the "U.S. government approved" testers was flawed (something you earlier denied, though it's also proven fact).

    You still refuse to explain what's wrong with letting well respected security experts look at problems with the machines.

    You also (conveniently) leave out what has happened in the past when folks like Ed Felten and Avi Rubin have gotten access to those machines -- which is that they have found some very serious security flaws in them that absolutely could lead to problems. That is NOT saying that anything bad has been done -- but that there clearly are major security flaws with these machines.

    Jo, I'm afraid that as long as you continue to not answer any of these questions, but insist on calling everyone who disagrees with you a "conspiracy theorist" when the only conspiracy discussed in this thread is the one you've brought up about how the whole story is to create fear and make sure no one votes -- it's tough to take you even remotely seriously.

    Please try to answer the direct questions next time.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Jo, Feb 8th, 2007 @ 9:57am

    Re: Re: Re: Re: Re:

    Dieblod machines aren't used in North Carolina, Diebold didn't need to submit the code because they weren't selling their products in the state. But you will continue to ignore the facts.

    The EAC changed their requirements for testing effective this year and developed an entirely new certification process. The ITAs were following all federal guidelines. Once the rules changed, they found that this one ITA (Ciber) did not comply with the NEW rules. They requested Ciber change it's practices to meet the new rules, Ciber is doing so. You can't change the rules today, and get upset because they weren't following the new rules yesterday.

    Like I said, when the government asks to test or review, the companies comply, but that never makes the press, so unfortunately I can't point to articles that prove this, my testimonial won't suffice for you, but they do comply, otherwise you'd hear about it. When the profiteers request it, the companies will always deny it, and that will make the press every time, and that will be all you hear.

    I'm sorry to break it to you, but even though Avi is a very intelligent person, he is in this for the same reasons everyone else is, to make money and be famous. Being the "election expert" has defined his career and provided him relative fame, which has allowed him to start up businesses and get his foot in the door by having a recognized name. I like what he has done from a business standpoint, it's very intelligent and he has found success doing it. I don't blame him for only pointing out the things that will further his career, if he pointed out the good things, he would not be as successful professionally. But for you to think that people like him do this out of the good of their heart, you are again blinded by your emotions. He, like his counterparts, provide selective information to reach their end-goal of being professionally and financially successful, and you buy in to it. Did Avi ever talk about the good parts of the code? No, that wouldn't help his cause. And if he did, it would simply be ignored.

    You won't find articles on the web of these companies submitting to federal/state certifications and requests, but it happens almost every week. You want me to prove that the companies comply to requests, I don't need to, you explained it in your original article just fine, the company did submit their source code for review, like they always do... You want to believe that everything is terrible and they can't be trusted because these profiteers are denied the opportunity to test the system and subsequently twist the facts. How is the company supposed to determine who is in it for the money and who isn't? They can't. I would hope that you wouldn't be so ignorant to believe that every request is made to help the system. Many, if not the majority, of these types of requests are done so to eventually make a profit or get famous because that is what motivates people.

    I know that convincing the 'scared' will never work, there are too many people out there that are working against providing the truth for someone like me to be successful in getting my point accross. I just feel obligated to provide the opinions and information from someone who actually knows how this works. Otherwise, the misinformed will continue to be the only voice out there.

    I was once convinced, like you, that the system is broke and the companies are to blame. But when I took it upon myself to really find out what was going on, I actually injected myself in to the electoral process and witnessed it first-hand, I realized that these elections are reliable, and that the fears are unfounded. But as long as you continue to only focus on the bad (which you have no choice to do because there is no profit in the good news so no one provides it) you will never really understand the system.

    Unfortunately, other people like myself never speak up because people like you will never listen, you've proven that. You want to believe that the companies are trying to hide something, it gives you excitiement and content for new articles. What I wish you would realize is that by closing your eyes and ears to people like me is only making the situation worse for the American people (maybe better for you individually). You should be thankful that someone in the 'know' is providing real information, but you won't, and that's just sad.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Mike (profile), Feb 8th, 2007 @ 10:21am

    Re: Re: Re: Re: Re: Re:

    Jo,

    It's hard to see how you are a trustworthy source here.

    1. To claim that Diebold didn't have to supply their code because they weren't being used there is just wrong. They were specifically asked to supply the code to get approved there and they refused. That directly contradicts your claim that they automatically supply the code when needed.

    2. You apparently don't read Avi Rubin's reports. He actually does point out where what these companies have done is done well. So to claim he doesn't continues to discount your credibility.

    3. You continue to insist that I'm making claims about these companies doing something maliciously. I never have. I don't think they are. Since you keep assuming I'm saying something I'm not, I'm not sure how many times I need to respond on this issue.

    4. As far as I can tell, the only one with a conspiracy theory here is you. You're claiming that this is all a big scam to keep the voters scared -- though you don't explain how that actually helps anyone. I don't think there's any conspiracy here. I just want to see the machines tested.

    5. You still don't explain why there's a problem with letting the machines be tested. If they're secure, why not let them be tested?

    You claim that we're ignoring you, but it seems fairly obvious that's not the case at all. If I were ignoring you, I wouldn't keep asking questions to try to understand where you're coming from. The reason I'm asking questions is because what you say doesn't make any sense, isn't supported by anything and doesn't match up with the numerous damning reports about the security of these machines and the failures to test them thoroughly.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    _Jon, Feb 8th, 2007 @ 12:09pm

    Transparency

    Due to the *fact* that there are people who will attempt to illegally effect an election, it is a requirement that all elections be transparent a verifiable.

    This requirement is common sense and a Constitutional requirement.

    If you believe there is a "conspiracy theory" here perhaps you should look at the people in position to benefit from such a conspiracy. Those of us who want transparency are speaking from a position of _preventing_ conspiracies. An election cannot be stolen if everyone can re-count the votes themselves. That's the type of transparency I want.

    An election *can* be stolen if no one can re-count the votes. This argument isn't so much about what *has* happened. It is more about what *could* happen. A transparent system will not allow a stolen election. A closed system with no physical audit or hidden procedures allows - at least in theory - an election to be stolen. *That* is what we - as a nation - need to avoid. We need to use an election process that encourages support of the process and ensures to everyone involved - winner and loser - that it was fair.

    People with no peaceful way to change their government will take up arms to effect a change. That is how important it is that the election process be transparent to the common voter.

    Jo, you are clearly a smart person and can understand the complexities of the field you are in. But you've already said that not every person in this nation will understand that. However, we are all guaranteed (via the Constitution) that the election process must be a process that each voter can understand. If the election process is morphed into something so complicated that the common voter can't understand it, then it is wrong and needs to be changed.

    I've taken your comment as a lesson to me that the voting process is much more complicated than I thought it was. You scored a point with me.

    But I think you should take this point into your mind: The election process is more complicated than it is supposed to be. Work to make it more open, not less.

    Thanks

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Jo, Feb 8th, 2007 @ 12:38pm

    Re: Re: Re: Re: Re: Re: Re:

    Diebold didn't want the North Carolina business, so they were in no way obligated to provide anything to them. The request was part of the RFP process, and since they were not proposing, they weren't obligate to provide anything. They had already passed the federal certification, why spend money and resources in a place where they weren't doing business? You live in a fantasy world man, these are companies, and if they don't make money, the products never improve and we'll be stuck with old technology.

    You've fulfilled everything I claimed. I don't need to back it up any more; you've proven it all for me. You are so scared that you won't have anything to write about, you can't just be thankful that someone who is actually involved in this has provided information. You have discouraged more people from providing the other side of this story. So your comments will continue to be filled with one-sided views from misinformed people, and sadly, that is exactly what you want. Because of people like you, the news will continue to be skewed to the negatives because that's what people want to read about, and the positives in elections will never be brought to light. No one ever hears about the hundreds of elections conducted each month that are successfully audited. Any cognition of anything other than what you already believe would somehow be a defeat to your livelihood and you would never allow that to happen. It is people like you that make it pointless for the companies to make any effort. Say, for example, they did let some profit hungry group outside of the law test these machines, and they found that they worked perfectly, it would end up a small footnote in some minor article that no one would read. The machines working correctly isn’t newsworthy to people like you. Sadly, you want the machines to fail, it provides content for your articles…

    The machines are tested, during federal and state certification, and also at the county and election level. Having people profit from testing these machines outside of the law is contradictory to what you want, yet since it doesn't create hits on your articles, you will never admit it. The machines are certified, which means they were tested and approved by the government; call the EAC, go to your local election office and ask to witness the public tests, volunteer on election day, ask to watch the certification testing. No one is going to come to your house and let you play with the machines so you can feel better about things and then write about it the next day so you can be popular. If you want proof, contact your state SOS office, ask for a list of certified equipment, inquire about the certification process, ask for certification materials, hold your elected officials accountable, and set up a meeting with your state elections director. Sadly, you would never go out of your way to do these things because if you saw something that went against your belief that "no one tests the machines", you would have to admit being wrong and you would have less to write about. Your whole fantasy world would come crashing down if you opened your eyes to the truth and actually made an effort to see how elections are conducted, but the truth isn't interesting, it doesn't make for good tech dirt, so it would be pointless for you to make any real effort whatsoever. So just keep throwing out your hearsay and twisted information, it gets hits on your website, and that's all you really want. There is a process in place to test these machines, as much as you all cry and whine, the companies are never going to let some book writing profiteer to attack these machines and pick the facts they want to present. The testing needs to be done by indepnedent reviewers that aren't biased by what their audience wants to hear. The companies follow the fair rules the government has set for them, and they oblige wherever they are required to do so.

    I will discontinue providing the opposing view, it’s pointless because you will always believe what you want to believe and are too proud to do or even consider anything else.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Jo, Feb 8th, 2007 @ 12:57pm

    Re: Transparency

    Jon,

    You are right, this process does need to be open to the public. It is open, to an extent. Almost every election office in the nation is required to conduct public tests before every election so that the voters can see for themselves and take part in the verification of the system. I have been to literally hundreds of these, but sadly, the public RARELY shows up. They aren't interested in proving that the election is good, they are only interested in the bad.

    The EAC and the legislature are putting things in to place that will help make this even more open to the public. But the companies are never going to be able to pick between which advocacy group wants to test the machines for the good or which is going to test them so they can twist the facts and make money. So the only option these companies have is to comply with the law and leave it in the hands of the government, and essentially, the American people.

    All I am asking is that you (not specifically you) do your part in hearing out all sides of the story, even though my (not specifically my) side of the story is rarely told. These companies are not to blame here; we, as Americans, are. We have voted these crazy election rules in to law and we have supported the people who get voted in by spreading fear. If we aren't satisfied, we have to take it upon ourselves to better things and to see for ourselves, that's the American way. We can't sit behind our keyboard and present biased information that only compounds the problems without conducting the necessary due-process. Aggregating what we read on some random blog doesn't get us anywhere, we must open our eyes and take part in the process.

    Jon, I thank you for your comments and will take your point very seriously. You have proven to me that not everyone wants to ignore the truth and you have shown me that there is active cognition still taking place out there.

    On a side note, the election companies, from what I have gathered, have no interest in opposing paper audit trails. My guess is that by doing so, they will make more money, and I haven't heard any of them oppose this. However, I have seen them be very cautious, adding a receipt printer to the voting process does create more failure points and possible complications, I believe that they just want to make sure it is done right. That's my belief, I'm sure there are other ones out there.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    Mike (profile), Feb 8th, 2007 @ 1:12pm

    Re: Re: Re: Re: Re: Re: Re: Re:

    Jo,

    Would you like to state what e-voting company you work for? It might help clarify where you're coming from.

    Diebold didn't want the North Carolina business, so they were in no way obligated to provide anything to them.

    Ah, right. That would be revisionist history. You're the one going on about how these are businesses that want to grow -- and yet, suddenly, Diebold "didn't want" North Carolina's business? That's simply false. Why would they even protest the request for their source code if they didn't want it?

    You live in a fantasy world man, these are companies, and if they don't make money, the products never improve and we'll be stuck with old technology.

    Wait, wait, wait. You just said Diebold didn't want the business. You're confusing me.

    But the more important point is that it's you who seems to be in a fantasy world. No one is trying to stop these companies from making money. Nowhere do you explain how letting security experts test their machines would cost them any money.

    If anything, letting those security experts point out flaws is what will help improve the technology. Your statement doesn't add up. It doesn't make any sense.

    You are so scared that you won't have anything to write about, you can't just be thankful that someone who is actually involved in this has provided information.

    Huh?!? If there is one thing that is universally true around here is that we are NEVER at a loss for something to write about. I could never write about e-voting again and be perfectly happy. Honestly, we're swamped here and would love to have FEWER things to write about as it would make our lives easier.

    We aren't writing about this for sensationalism. We're writing about it because it's important.

    You have discouraged more people from providing the other side of this story.

    How? By asking you to support your statements rather than insulting us? If that's what it takes to "discourage" people like you, you're in the wrong business.

    So your comments will continue to be filled with one-sided views from misinformed people, and sadly, that is exactly what you want

    No. That's not what I want. If someone wanted to come here from the e-voting industry and back up their position, that would be great. That would be wonderful. That's what we've been ASKING for all along. The problem isn't that we're discouraging you. We're just asking you to back up your statements. Why is that so threatening to you?

    No one ever hears about the hundreds of elections conducted each month that are successfully audited.

    So tell us about them. But that's like saying no one ever writes about the millions of cars that get to work safely. It's only the accidents they write about.

    That's because it's the accidents that matter.

    But, again you're being misleading here. We're NOT TALKING about elections that have had problems. We're talking about the POSSIBILITY that an election CAN have problems because the company you work for (and its competitors) don't ever respond to our questions with real answers.

    Any cognition of anything other than what you already believe would somehow be a defeat to your livelihood and you would never allow that to happen

    Ha! Our livelihood?!? You are sounding paranoid. Seriously, we don't make money from writing about e-voting. As I said, i could honestly never write about this again and be perfectly happy -- but I do because it's important. We make our money doing analysis for companies. The ads we have on the blog barely pay for the hosting. I don't care about "making money" on the traffic here.

    And, to be honest, the e-voting stories don't get very much attention. If I was only focused on writing stories to get traffic, I'd stop writing about this topic, because it doesn't generate that much interest.

    Say, for example, they did let some profit hungry group outside of the law test these machines, and they found that they worked perfectly, it would end up a small footnote in some minor article that no one would read. The machines working correctly isn’t newsworthy to people like you. Sadly, you want the machines to fail, it provides content for your articles…

    Oh hell no. I would be THRILLED if such a report came out. I'd write it up in a SECOND. If there were such a report and it was done by serious researchers with no connection to the e-voting companies, like your employer, I'd love it. Honestly, that would be a story I'd write up in a second. The problem is I can't, because you won't let it happen.

    Having people profit from testing these machines outside of the law is contradictory to what you want, yet since it doesn't create hits on your articles, you will never admit it.

    I do not understand what you are saying here.

    The machines are certified, which means they were tested and approved by the government; call the EAC, go to your local election office and ask to witness the public tests, volunteer on election day, ask to watch the certification testing.

    Right. The public tests are limited. That's the whole damn point. The tests that are more thorough, that are done by security researchers have shown serious security holes.

    Why do you not respond to that issue?

    That's the whole point of this article. The tests that are being allowed are limited. That's a fact. I'm not sure why you think you can deny it.

    Sadly, you would never go out of your way to do these things because if you saw something that went against your belief that "no one tests the machines", you would have to admit being wrong and you would have less to write about.

    Have we ever said no one tests the machines? No. We know the machines are tested -- though there have been problems with the tests, and whenever a serious security researcher runs their own tests they find significant problems. It has nothing to do with what we want to write about. I would LOVE to write about these machines being safe, because that would be an AWESOME story. It would be fantastic. I'd write about it a second.

    Your whole fantasy world would come crashing down if you opened your eyes to the truth and actually made an effort to see how elections are conducted, but the truth isn't interesting,

    Huh? Are you claiming that Avi Rubin, Ed Felten and Bev Harris haven't made those efforts? Haven't taken part? Haven't gone to the testing centers? Haven't been election judges? Because they've done all of those things. You seem to be the one living in the fantasy world unable to admit that something you disagree with might be true -- but the problem is that all the other stuff can be backed up with evidence. On your side, you just say that we're conspiracy theorists.

    Let's try this again. I AM NOT A CONSPIRACY THEORIST. I WOULD BE THRILLED if your machines worked as advertised. I'd just like to have some independent proof of that. Once again: WHAT IS WRONG WITH THAT?

    I don't think you're malicious. I don't think you're evil. I don't think you've done anything wrong on purpose. I just think that for a healthy democracy it's good to have some transparency.

    Where's the problem?

    So just keep throwing out your hearsay and twisted information

    Let's see. I'm the one who can point to evidence to support everything I've said. All of you pointed to is "trust me" and "you're too ignorant to understand." Which one is hearsay? Which one is twisted?

    The testing needs to be done by indepnedent reviewers that aren't biased by what their audience wants to hear.

    Here's the thing, Jo. If you can win over even the "biased" testers, then haven't you proven how incredibly safe your machines are? Wouldn't that be a HUGE PR coup? You'd make a killing in business if you could have the support of the critics who believe you have a safe machine.

    What could possibly be the harm?

    The companies follow the fair rules the government has set for them, and they oblige wherever they are required to do so.

    Heh. Nice sneaky trick in there. The whole point is that the government testing has not been thorough enough. That's not a debatable point. It's proven by the clear security flaws that have been discovered.

    I will discontinue providing the opposing view, it’s pointless because you will always believe what you want to believe and are too proud to do or even consider anything else.

    Jo, that's not even remotely true. I don't have a "belief" here. I just have pretty clear evidence from one group showing that these machines are not secure. And, from the other side, I have you the anonymous employee of one of these firms (yes, I've figured out which one) who doesn't offer any proof back.

    Offer me proof. I'll write about it in a second. I'll do my best to make it a huge story. I'll go on and on about how your company has proven to me that its machines are secure and safe and the votes can be verified and audited and that it's all been supported by even the harshest critics of e-voting. Because that would be a great story. It's one I'd be thrilled to write.

    So, come on, help me write that story...

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    _Jon, Feb 8th, 2007 @ 1:31pm

    Re: Transparency

    If the process were transparent, this debate would be a moot point.

    A company cannot have "trademark secrets" on an open process.

    A lengthy debate is happening with regard to whether a complicated, confusing, and protected system is secure and adequately tested. That debate wouldn't happen if the process were transparent.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Adam, Mar 12th, 2007 @ 4:45pm

    for jo

    Jo,

    look up the term.. ad hominem.

    then get back to us,

    kthx

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    sonofdot, Mar 27th, 2008 @ 1:31pm

    Re: Re: Transparency

    Apparently, the only motivation for anyone except YOU is fear. Apparently, everyone taking part in this discussion except YOU believes there's some conspiracy afoot. Apparently, every American is an idiot, except for YOU.

    I think your tin foil hat is loose.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This