Where would we be if these machines hadn’t been used in the last two presidential elections? One has to wonder when you see how easy it is to fraudulently change the outcome of a vote using them. Hopefully, the rest of the country can follow California’s lead.

California Bars Voting Machines – US Considers

California’s top election official on Friday decertified systems produced by Hart Intercivic, Diebold Election Systems and Sequoia Voting Systems effectively barring their use anywhere in the state. However, California Secretary of State Debra Bowen has agreed to allow counties to use the machines in February’s presidential primary if strict new security precautions were taken.

What brought this on? These next two items detail what was found with the systems.

Electronic Voting Systems Fail California’s Security Testing

On Friday, California released the results of the state’s extensive testing of electronic voting systems. State-sanctioned teams of computer specialists were able to break through the security of every model of voting machine and change results or take control of some of the systems’ electronic functions.
[…]
The study was designed to discover vulnerabilities in the technology of voting systems used in the state. It did not deal with any physical security measures that counties might take and “made no assumptions about constraints on the attackers,” Secretary of State Debra Bowen said in a telephone news conference Friday.

More California E-Voting Reports Released; More Bad News

It is interesting (at least to me as a computer security guy) to see how often the three companies made similar mistakes. They misuse cryptography in the same ways: using fixed unchangeable keys, using ciphers in ECB mode, using a cyclic redundancy code for data integrity, and so on. Their central tabulators use poorly protected database software. Their code suffers from buffer overflows, integer overflow errors, and format string vulnerabilities. They store votes in a way that compromises the secret ballot.

Many will say, “So what?” Or put another way, we’ve come to accept that the powers that be want to rig the results and that we’re screwed. This is only a minor setback for them. Or put a third way, so who’s going to be our next Bush in the upcoming election?

As far as I can tell, major news outlets haven’t taken much notice of these reports. That in itself may be the most eloquent commentary on the state of e-voting: reports of huge security holes in e-voting systems are barely even newsworthy any more.



  1. Dallas says:

    Perhaps… BUT, they worked as they were intended to work in the last two elections. Kudo’s to the Diebold..

  2. Cinaedh says:

    These idiots are using Windows? Microsoft Windows?

    That’s got to be incorrect, right? I didn’t think there’d be a computer literate person on the face of the earth who would use Windows for something that so obviously needs airtight security. Windows?

    My God!!!! Talk about morons…..

  3. The single most important thing about an election is that people should be able to trust the results. If you can hack the machines– regardless of whether the machine manufacturers think it’s “unlikely”, you might as well not have democracy at all. These companies are, simply, wrong. Its their job to make SURE that their machines cannot be hacked. And this means open source code– no “just trust us that the software counts vote correctly– and paper trails. At a minimum.

  4. TVAddict says:

    The biggest disgrace is the fact that other countries can get this right. Why can’t we?

  5. Nth of the 49th says:

    Pedro

    Please do not include Canada. We are stuck in the 20th century. We actually use paper and pencil. So unless someones rigging the supplied pencils. Oh and by the way, amazingly it works extremely well.

  6. Lauren the Ghoti says:

    #4 – Cinaedh

    “These idiots are using Windows? Microsoft Windows?

    That’s got to be incorrect, right? I didn’t think there’d be a computer literate person on the face of the earth who would use Windows for something that so obviously needs airtight security. Windows?

    My God!!!! Talk about morons…..”

    Yep. Although morons is a little too kind.

    But it’s not hard to figure out. You make voting machines. You want to make computerized machines. For profit. And you want to get them on the market as quickly as possible. So the answer is obvious. Windows programmers are a dime a dozen, cheap and quickly replaceable.

    The jokers who run said companies could care less that Win is by far the least secure platform on Earth. Hiring *nix gurus would cut into profits and take too long to get to market. Quick ‘n dirty is the order of the day.

    All that, of course, is bypassing the issue of companies like Diebold (owned and operated by militant supporters of the Republican Party), that deliberately chose the Windows platform, not in spite of but because of it’s ready hackability…

  7. Awake says:

    And the solution is so simple:
    A) Vote on an electronic machine that prints out your vote as a readable receipt, much like a lottery ticket.
    B) Insert the receipt in a separate machine on the way out that is used for tabulating the votes.
    This way you have a printed list of what you selected before it is counted, it is counted quickly, and the receipts that were inserted into the counter can be directly read in case that a recount or verification is needed.
    Why is this made so complicated?

  8. moss says:

    #3 – you may be confusing credit management, mortgage sales – with for-real banking. At least in the States, there is nothing more over-scrutinized than banking.

    It was banking IT that sorted out millenium problems so well that people joke about it as a non-event – without knowing a jot about what the banking industry did to sort the whole thing out in advance – in triplicate. Which is “how” it became a non-event.

    The same goes for real online security systems. Sure, human/social engineering will happen. That’s still in the hands of dodo consumers. But, the banking end – with banks that actually live up to the regs – is solid.

    Banks that don’t? Well, then, you’re back to administrative and social questions – not design.

  9. ECA says:

    What amazes me, is HOW they make programming this so complicated..

    they could use VPC, and program in any form they wished…
    they could make it Post the WHOLE article, or just the Pro/con…
    They could even put in an English translator to simplify the TEXT, so it could be read by a 3rd grader(maybe not)..

    Then Lock down the system ports, and run a Program to monitors the Checksum of the program, for tampering or insertion of ANy modifications…

    ALL the Data on the Bills is available 3-4 months AHEAD of the vote… these machine could be ready 4-6 weeks after they were published, and LOCKED down.

  10. joshua says:

    Any machine can hacked if you allow unfettered and freedom of time contraints to the hackers. The part of this report that seems not to have made the news is that is exactly how the Secretary of States office did this study.
    She hints at it in her statement…..

    *****It did not deal with any physical security measures that counties might take and “made no assumptions about constraints on the attackers,’’ Secretary of State Debra Bowen said in a telephone news conference Friday.********

    >>>>>>but thats all she said publicly.
    I have worked the polls here in California the last 3 elections, and the biggest problem we had was the paper ballot rolls would run out to soon and poll workers who slept through the classes on how to run the machines, screwed them up….causing machines to be turned off until fixed or replaced. Alameda county, a solid Democratic county choose to buy Diebold machines and had many problems, but in the end, not a single lost vote(that i heard of).
    The Sec. of State is new this year, it will be her first election and she was a party hack before becoming Sec. of State….I honestly don’t think she would know an honest election if it kicked her in the ass…..but that my opinion.

    I think Saturday voting would lower the turnout even more. It should be a 2 day process, east of the Mississippi on 1 day, west of the Mississippi the next. No projected winners allowed from exit polling. All votes have a paper back up….ID required to vote….paid for by the state if needed…..polls open from 6a.m. to 12 a.m…..poll workers paid by experience as well as a decent wage for being there.

  11. ECA says:

    14,
    another problem we have is that the East coast has many more voters then the West coast…
    On the west coast they only look at 2-3 states Added to the East coast to decide the election..
    I would love the electoral to be 1 per state…At least THEN, the farming states would have an affect on the out come.

  12. sayuncle says:

    That photo, are you certain those aren’t urnals?

  13. Uncle Dave says:

    #17: Might as well be, considering the articles. Pissing on our vote sounds about right.

  14. Mr. Fusion says:

    #10, Awake,

    Very sensible idea.

  15. Johnson says:

    I have worked the polls 30+years and I have seen every system tampered with. By both sides. That being said the paper and pencil method was harder to rig on a large scale.

  16. ECA says:

    19,
    LARGE??
    you should look at the past…They Bought and PAID for them.
    MORE expensive, yes…But we are talking about a group of folks that DONT care about YOUR money, because

  17. ECA says:

    What I find Heinous,
    Is how much these folks are making PER UNIT…
    For a small bit of programming..

  18. TIHZ_HO says:

    In the photo it looks like they are lined up at the urinals.

    Was that intentional, meaning the US voting system is being pissed away?

    #4 If the voting machines are made by Diebold then yes, they are using a modded up version of Windows XP. They wanted to use a Mac but they are too expensive for what you get. 😛

    #6 “The biggest disgrace is the fact that other countries can get this right. Why can’t we?”

    I was working in Jakarta, Indonesia at the time Indonesians were preparing for their first free election after Suharto. About the same time America had the Bush election Florida re-count and the fiasco that followed.

    To the Indonesians this was the funniest thing ever!!! They had the same fiascos with Suharto and his “free” elections. I don’t know how many times I was asked “Are Americans THAT stupid?” and I had to agree.

    I guess its the same old story “Those who can do, do and those who can’t point the way”

    This Florida re-count fiasco proved to the Indonesians that they were correct on how the viewed America. And that is here is America always sticking its nose into everyone’s business, telling them how wrong they are, and how its supposed to be done when America itself can’t even do it and get it right.

    What a hoot!!!

    Cheers

  19. parick says:

    1st people bitch because they can’t figure out how to punch a hole next to the right name. Now, we want these same idiots to use a computer system? I don’t care what system is used, stupid people will always screw it up.

  20. tallwookie says:

    Soooooooo glad I never started voting – I saw it for the corrupted evil that it is.

    Voting is Evil.

    Bring Back the Monarchy.

    Bring Back Fiefdom.

  21. TIHZ_HO says:

    # 24 parick “…I don’t care what system is used, stupid people will always screw it up.”

    Which is one of the reasons China hasn’t moved over to free elections yet.

    America proves time and time again that free elections are still in beta after all this time with its two party system. Add more parties and you get Britian, Italy etc.

    People really need to get involved with their country in as much as they do with sports. If they don’t well as Thomas Jefferson said “People get the government they deserve.” So stop whining and complaining and do something about it! 😉

    Cheers


0

Bad Behavior has blocked 4631 access attempts in the last 7 days.