| Author |
Message |
    
Tom Reingold the prissy-pants
Citizen
Username: Noglider
Post Number: 1251
Registered: 1-2003
| | Posted on Tuesday, December 2, 2003 - 6:01 pm: | 
|
http://www.pkarchive.org/column/120203.html
Tom Reingold
There is nothing
|
1-2many
Citizen
Username: Wbg69
Post Number: 648
Registered: 6-2002
| | Posted on Tuesday, December 2, 2003 - 8:52 pm: |
|
I find this article to raise important questions. certainly, verifiability and double-checking are a necessary, critical part of the democratic process. without that, what's the point?
as to the paper trail issue, this reminds me that after the last NJ election a few weeks ago, I raised the question that OUR voting system does not seem to leave a paper trail, either. or does it...?
hey Tom, you're a tech guy. here's a webpage describing how to hack in to Diebold voter results. what's your take on it?
http://www.equalccw.com/dieboldtestnotes.html |
jem
Citizen
Username: Jem
Post Number: 838
Registered: 5-2001
| | Posted on Tuesday, December 2, 2003 - 10:15 pm: |
|
Having worked at the polls a couple of times in the past few years, I can tell you that our particular voting system is all about paper trails. There's a huge roll of paper inside the machines - the crank that you pull to open the curtain when you're finished voting also advances the paper. Besides that, you sign your name in a book, then sign your name on a piece of paper with a number on it that you then hand to the person who's attending the booth. If it were necessary, I imagine that the number of votes recorded in the machine and the number of sheets of paper, which must be saved for at least some period of time, I imagine, can be correlated to make sure that all votes can be verified as being connected to registered voters. Provisional ballots, when a voter's status is in question, are also paper documents. |
tom
Citizen
Username: Tom
Post Number: 1600
Registered: 5-2001
| | Posted on Tuesday, December 2, 2003 - 10:31 pm: |
|
At first glance the hack method looks like a piece of cake. MS Access is common, I have it on two of the four computers I use regularly. Anybody moderately geeky should be able to do this, without being anywhere near a sys admin level of expertise.
|
Tom Reingold the prissy-pants
Citizen
Username: Noglider
Post Number: 1255
Registered: 1-2003
| | Posted on Tuesday, December 2, 2003 - 11:03 pm: |
|
Sometimes, we have to question our own goals. Usually, computerization combines goals of increased convenience with decreased costs. Those are admirable goals most of the time. But convenience means a lot of things. It means easy control from a central point. But that central point can be anywhere, like the bad guy's computer. Voting should NOT be convenient to tally. It should be laborious and de-centralized. This way, it would be hard to falsify results, because you can't bribe a huge hierarchy of people.
jem, I think you're talking about the 1930's style voting machines with the big lever. Those are on the way out, becoming rarer. Too bad. REALLY too bad.
Tom Reingold
There is nothing
|
jem
Citizen
Username: Jem
Post Number: 840
Registered: 5-2001
| | Posted on Wednesday, December 3, 2003 - 8:35 am: |
|
Yes, of course that's what I'm talking about because that's what we're still using here in Maplewood, and I was responding to 1-2 Many's question about OUR (his or her emphasis) voting system. |
Brett
Citizen
Username: Bmalibashksa
Post Number: 454
Registered: 7-2003
| | Posted on Wednesday, December 3, 2003 - 10:51 am: |
|
I think the above article is leaving a lot of things out of the equation. There are a few major parts that apply to this system.
1. Database access. The votes are going to put into an Oracle database and write access locked when the polls close. This is a layer of Security that would take a lot more then 5 – 15 minutes to break. Granted and insider at Oracle may be able to pull it off but it would have to be a pretty high level person. The keys would be different for each town so that’s a lot of folks who know Oracle inside and out.
2. The votes are going to be encrypted before there sent to the database and then again before transmitted. This is another Level that would be close to impossible to crack in the short time frame even for an insider. Again different keys per town.
3. The Votes and Database are going to be intently padded with garbage data in order to cause the encryption to be more difficult to break.
In the end I’m not saying that the system is impossible to break, I’m sure with enough insiders and pros this could be pulled of but the amount of people needed would be monumental considering all of the towns voting. They would probably be better off just voting for who they wanted to win instead.
|
Dave Ross
Supporter
Username: Dave
Post Number: 5781
Registered: 4-1998
| | Posted on Wednesday, December 3, 2003 - 11:21 am: |
|
There's trouble with the touch screen technology, too. For example, hitting two areas of a touch screen simultaneously will register the point BETWEEN those two points. Hitting A and C casts vote for B kind of thing. The company's internal memos were made public by a former employee or consultant and the list of problems is quite extensive. A recent headline about it |
Tom Reingold the prissy-pants
Citizen
Username: Noglider
Post Number: 1274
Registered: 1-2003
| | Posted on Thursday, December 4, 2003 - 2:09 pm: |
|
In today's Andrew Tobias column, Brooks Hilliard writes:
quote:I've been a computer professional since 1965 (starting as a programmer on Air Force and NASA contracts summers and part time when I was a student at MIT) and have earned my living in the computer industry ever since. Krugman is absolutely correct. It is totally incredible to me – from a totally non-partisan standpoint – that anyone with any computer knowledge would advocate using electronic voting machines that do not have a paper trail available to audit the count. Even the best electronic security is vulnerable because there's no way to check every potential breach (if only because there's no way to be sure you've thought of every one). Thus, the only way to have even adequate security is to be able to detect when a breach has occurred. In the voting context, a paper trail combined with poll-watchers, is good protection . . . anything less than this is not. This should not be a party issue: both parties' candidates are vulnerable to "dirty tricksters" from the other side . . . or malicious hackers from neither side. Walden O'Dell (the Diebold CEO), though partisan, is probably an honest and honorable individual. But he's not the problem . . . latter day "plumbers" are, and our electoral process needs to be protected against them.
I had a colleague speak of our corporate firewall and say, "we've had no undetected breakins in the last six months."
Basically, we have Diebold using Microsoft's technique of saying something like, "You know it's secure because we say it is." Why should we accept that for our elections, for God's sake?
Tom Reingold
There is nothing
|
Michael Janay
Citizen
Username: Childprotect
Post Number: 102
Registered: 1-2003
| | Posted on Thursday, December 4, 2003 - 2:46 pm: |
|
It seems there is a lot more to this than people here know.
Each machine is a stand alone unit, not connected to a network so hacking an individual machine or even multiple machines is virtually impossible. Each vote cast is recorded both in a smart card in the machine and on to a smart card given to each voter. The smart card is given to the election admin (just like a paper ballot) who inserts it into a tabulator (this is also a stand alone computer. At the end of the polling the results are compared with the recorded votes in the machines smartcards. Once it is verified to be the same (and the software can print out the totals), the tabulator machine software can send the info to the state database securely.
The smartcards are nonvolatile and keep the results of the voting indefinetly. Just like paper ballots. The cards are used over and over but it would take over 100 years of voting to fill one up. No votes are ever erased from the cards.
While there are ways to hack the main databases, the combination of the smartcards, the memory in the machines, and the local level tabulation and verification provide an audit trail that doesn't need paper and in fact is far better than paper.
|
Dave Ross
Supporter
Username: Dave
Post Number: 5805
Registered: 4-1998
| | Posted on Thursday, December 4, 2003 - 3:10 pm: |
|
There are waaaaaaay too many problems currently to implement this technology. Ohio just backed out for reasons I mentioned above and others.
Maybe democracy shouldn't rely on patches and upgrades? |
Michael Janay
Citizen
Username: Childprotect
Post Number: 105
Registered: 1-2003
| | Posted on Thursday, December 4, 2003 - 3:26 pm: |
|
Dave,
From the article you linked to...
"The state's top elections official said Tuesday that security problems found in new touch-screen voting systems mean they won't be in place statewide in time for the November 2004 presidential election.
Secretary of State Kenneth Blackwell said some of the new voting machines would be installed in August, some in November and the rest in 2005"
That is not backing out, its pushing the schedule back a little.
They are still implementing the touch screen machines. How can you say they backed out of anything?
One of the problems cited in the article is the lack of locks on ballot boxes (which I assume hold the smartcards) and lack of locks on the machine cases. This is far from a technological issue.
I don't see how paper ballots are any more secure. In fact I'd rather have my vote recorded on 2 encrypted smartcards than a piece of paper anyone can see.
|
marian
Citizen
Username: Marian
Post Number: 53
Registered: 9-2001
| | Posted on Thursday, December 4, 2003 - 3:29 pm: |
|
Hey Michael,
What's up with your company Child Protection Network? Picked up a flyer at the train station, but when I tried to call the number the line was disconnected. I'm looking for someone to childproof my home. Are you still in business?
Thanks. |
Tom Reingold the prissy-pants
Citizen
Username: Noglider
Post Number: 1276
Registered: 1-2003
| | Posted on Thursday, December 4, 2003 - 3:30 pm: |
|
It's hard to falsify large stacks of paper. Paper is actually good at withstanding floods and fire. They're far from perfect, but other media are often worse.
Tom Reingold
There is nothing
|
Dave Ross
Supporter
Username: Dave
Post Number: 5806
Registered: 4-1998
| | Posted on Thursday, December 4, 2003 - 3:39 pm: |
|
More detail.
http://www.equalccw.com/dieboldtestnotes.html#intro
You can download sample data and walk through all the many security loopholes. Enjoy! :-)
More detail on how votes can be changed:
http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm
|
Dave Ross
Supporter
Username: Dave
Post Number: 5807
Registered: 4-1998
| | Posted on Thursday, December 4, 2003 - 3:46 pm: |
|
More detail
quote:According to a source familiar with Windows security issues, file names on the Diebold FTP site indicate that some AccuVote software runs on the Windows 95/98 platform. "No one who is seriously concerned about security would run an application on that platform," says David Allen, an accredited Microsoft systems engineer. Even Microsoft recommends using other platforms when security is at issue.
http://www.scoop.co.nz/mason/stories/HL0302/S00052.htm
|
jro
Citizen
Username: Jro
Post Number: 34
Registered: 8-2002
| | Posted on Thursday, December 4, 2003 - 3:52 pm: |
|
Michael,
I've also tried to call (and email) Child Protection Network several times. What's going on? |
Michael Janay
Citizen
Username: Childprotect
Post Number: 107
Registered: 1-2003
| | Posted on Thursday, December 4, 2003 - 3:53 pm: |
|
MArian,
I'm sorry to say that Child Protection Network is not in business anymore. I still do CPR/first Aid training and Car seats, but no babyproofing. The insurance rates killed me (they raised my rates by 6X), and without doing babyproofing I couldn't make enough profit to get by.
There are other babyproofers around, but be careful, most are serious rip offs. I'd be happy to answer any questions you have, or give you some reccomendations if you want. PL me. |
lseltzer
Citizen
Username: Lseltzer
Post Number: 1956
Registered: 5-2001
| | Posted on Thursday, December 4, 2003 - 3:58 pm: |
|
Hard to falsify large stacks of paper? Are you serious? It does require the cooperation of at least some polling place personnel, but it's pretty easy to envision.
This is the main problem I have with all the criticism of electronic voting. It's not like existing voting systems are tamper-proof. I can certainly believe that the Diebold systems are badly implemented, and I wouldn't accept a system for a voting district without a full, independent security audit including access to the source code, but I can envision secure electronic voting systems. |
Dave Ross
Supporter
Username: Dave
Post Number: 5809
Registered: 4-1998
| | Posted on Thursday, December 4, 2003 - 4:18 pm: |
|
It doesn't help Diebold's case to have its president promise to "deliver the vote for Bush in '04".
quote:Voting Machine Controversy
by Julie Carr Smyth
COLUMBUS - The head of a company vying to sell voting machines in Ohio told Republicans in a recent fund-raising letter that he is "committed to helping Ohio deliver its electoral votes to the president next year."
The Aug. 14 letter from Walden O'Dell, chief executive of Diebold Inc. - who has become active in the re-election effort of President Bush - prompted Democrats this week to question the propriety of allowing O'Dell's company to calculate votes in the 2004 presidential election.
http://www.commondreams.org/headlines03/0828-08.htm |
marian
Citizen
Username: Marian
Post Number: 54
Registered: 9-2001
| | Posted on Thursday, December 4, 2003 - 5:00 pm: |
|
Michael,
Talking about rip offs, you trained my shared nanny Diki in infant and child CPR this summer and the other mother, Jennifer, has left you repeated phone messages (before your line was disconnected) as well as e-mails asking you to mail her Diki's certificate.
Can you give me an explaination as to why we have not received it yet please?
Thanks. Private line me if you need Jennifer's address. |
Michael Janay
Citizen
Username: Childprotect
Post Number: 111
Registered: 1-2003
| | Posted on Thursday, December 4, 2003 - 5:07 pm: |
|
Strange, I mailed that months ago, about a week after I trained her I can get a copy and have it sent to her. I'll take care of it.
My phone and e-mail have been off line for a while. Sorry. |
marian
Citizen
Username: Marian
Post Number: 55
Registered: 9-2001
| | Posted on Thursday, December 4, 2003 - 5:16 pm: |
|
Appreciate it, Michael! |
tom
Citizen
Username: Tom
Post Number: 1656
Registered: 5-2001
| | Posted on Thursday, December 11, 2003 - 5:27 pm: |
|
Just in, Nevada has decided NOT to use the Diebold machines, and are going with a competing system. They are also mandating voter-certifiable paper outputs.
quote:The decision to go with Sequoia machines was based in part on a review by the state Gaming Control Board's slot machine experts who issued a report saying the Diebold machine that was analyzed "represented a legitimate threat to the integrity of the election process."
Marc McDermott, the GCB's electronic services division chief, said the Sequoia machine "represents a much more secure option."
Whatever else you may think about a state gambling authority, they probably know a thing or two about security.
Nevada's Secretary of State, who made the decision, is a Republican.
http://www.salon.com/tech/wire/2003/12/11/nevada_vote/index.html |
Closed: New threads not accepted on this page