This didn't inspire confidence...Follow

Some time ago I read this story about the Diebold voting machines. I didn't know much about the company other than they made voting machines and that there are a lot of concerns about them.

Then I goto my bank the other day.

They've replaced all their ATM machines with new ones. From diebold.

I usually use the ATMs for convenience. I walked right by them and went to a teller instead. Am I a bit paranoid? They say that they are replacing the machines for added security. I'm not quite sure why they needed all new machines for a metal guard, mirror and the bullshit "enhanced security" pin. I really don't trust the diebold name. For all I know, they're using an unsecured wi-fi network to transmit my pin to a central computer in the branch for verification. That's how confident I am in that name.

Edited, Oct 7th 2006 at 11:09am PDT by Nizdaar

For loadsa stuff concerning the voting machines supplied by Diebold, Bev Harris has done heaps of research into the subject. (Wich should be of MAJOR concern to all voters in the US.)

She was working with Scoop in new Zealand, and has exposed some remarkable flaws in a system that has led to some extremely questionable results in the last couple of US elections.

Scary reading.

Heres a couple of links ...

Lol. I followed your links to this one detailing how easy it is to hack Diebold election machines.

God I love when people who have no clue how technology works try to explain it. Doubly so when they're doing so in such a conspiratorial manner. Um. Newsflash. If you have physical access to a system, you can hack it. If you have network access and the passwords and such, you can hack it. Nothing new here.

I particularly loved this bit about how anyone could "hack" the password on their database:




Hah. I do that all the time to change root passwords when they get fogotten. Nothing new here. If you have access to write a file, you can change it's contents. Only a totally non-technical person would actually think this was unusual or represented any sort of significant security risk.

The key (as the writer mentions but dismisses) is physical security. The machines are assembled and installed at Diebold. Presumably, the account used for viewing results does not have write access to the database. Presumably, no account does except the database account, which requires a secured password to log in. So, the fact that a user can hack a database they created/copied by using MS-access is meaningless. If *I* create that database with my account, and then you log in with a different (non-admin) account, you wont be able to do what this person talks about.

Again. The security is in the whole system. Not one piece of software.


Kinda funny actually. The saddest part is that most people don't know enough about computer security to realize just how ridiculous this complaint is. You simply can't secure a computer system that tallies votes from remote sites any more then they have in this case. Demanding the impossible doesn't make it any less impossible...

I've seen enough written by professors of computer science at various universities to feel confident that the machines aren't as secure as you'd hope, given their importance.That's as good an argument as any I've heard for ditching the machines.

Except that those are presumptions you absolutely have to make when you discuss computer security issues. Because without those restrictions then anyone can "hack" anything on any computer. The cornerstones of computer security (if you can't have physical/network security which is 99% of the time) are authentication and authorization. Both have to be present for any real security to exist.

What the article essentially argues is that if you don't enforce the authentication half of security, your files wont be secure! Um... Shocker!!! Duh...


Heh. Joph. I've yet to ever meet a professor of CS who knew half as much as the average working IT security pro. While there are a few who know their stuff, the vast majority simply don't. Most of them are engineering (more often CompSci, which is *not* the same thing) professors who teach in the CS departments today, not because they have specific knowlege of the field, but because their degrees are closest. It does not surprise me at all that there are many CS professors who don't understand real computer security enough to recognize the silliness of most of the issues with the Diebold machines.

Yes an no. The question is: "Are they *less* secure then the paper ballots?". And the answer to that really is, no. What I just said about authentication and physical access applies just as much to a paper ballot system. If I've physically got a box of ballots in my hand/car/whatever, I can change those ballots or add more pretty easily. With the electronic voting machines, you also need physical access and time *and* you've got to be savvy enough to do it *and* the system itself has to not have been secured at all.

The article is equivalent to saying that if you take a box of ballots home with you where you can spend the time needed in private to open up the box and change the contents, then you could "hack" the ballot process.

Again. Duh...



The newer machines do. This was one of my first complaints about the voting machines from day one (when they were testing them out about 4 years ago). They've since added paper printers that record each vote (with voter information stripped out so you just see the tallys change over time). They're currently having problems with paper jams with those systems (but no more I'd assume then with any other spool type printing system). But they're definately adding the paper trail system

Part of it is cost savings. It's a heck of a lot cheaper to tally the votes by computer then via card reading machines. Cheaper on paper as well (which is likely the reason why the initial versions did not include any paper trail, they were trying to eliminate the paper from the process afterall).

Another part is accuracy. At the end of the day, a certain percentage of the votes in any election are always lost due to damage ballots crumpling in the reader, mispunched ballots, rainwater getting into the box, crash while transporting the ballots, and any of a zillion other things that happen between the time you walk into the booth to vote and the vote actually gets counted.

The voting machines eliminate the majority of the things that cause votes to get lost. Obviously, they can add some new ways for those votes to get lost, but the idea is that as the technology is developed and refined, we'll end up losing vewer votes in elections, meaning that the election results are more accurate then they'd be if we used paper ballots.


And I really think that most of the people criticizing the process aren't considering that we're not creating something in a vacuum. We're replacing another system. A consideration of the security of electronic voting machines must take into account the current security of the paper ballot process. People seem to complain about the voting machines because they aren't "perfect", but neither is the system of paper ballots. Nothing is perfect. No election counting methodology is immune to tampering. The objective is to make it harder to tamper, more accurate, and cheaper. Which the Diebold voting machines do.

The fact is that you have to have much greater access to the Diebold machines in order to tamper with the votes inside then you need with a ballot box in order to do the same thing. The votes are stored on memory cards which are handled using the same physical methodology as locked ballot boxes (boxes locked with a seal affixed, two people handling the box at all times, etc). Any tampering must be done either at the final location where the votes are tallied centrally, or at the balloting place itself by inserting false voting information into the cards themselves.

In neither of those two areas are the electronic voting machines any more vulnerable then paper ballots. Until that box is locked and sealed, anyone with physical access to it can "stuff" the box with extra votes (which is where we get the term "stuffing the ballot box", right?). A similar amount of physical access would be required to change or add votes to an electronic machine at the ballot location (unless you think hooking up serial cables and hacking the machine is harder to spot then dumping extra pieces of paper into the box was...). At the central terminal, there is absolutely no difference. Paper ballots are fed into a machine that counts them then transmits the totals to computer. Electronic ballot cards collected from the voting machiens are read by a maching that counts then and tranmits the totals to the same computer. No change of security. If someone has the ability to hack into the tallying system without being detected he could change the votes no matter what method is used at the balloting place.


I've spent a good amount of time discussing this with other IT security types. While the security model isn't perfect, the general conclusion is that it's at worse identially insecure to using paper ballots, and at best significantly more secure. That's a "win" all around.

For all the good it does, technology begets problems. Furthermore, the problems that arise aren't anything easily fixable, particularly by the average voting booth volunteer. Take, for instance, the problems detailed in this fellow's blog. As an aside, unless anyone has specific information to discredit his credentials, he seems like a fellow who knows his stuff when it comes to electronics and security.

These simply are not problems that arise with a paper system. I won't say that the paper system is perfect or that it can not be tampered with but things such as "make sure the results aren't available to be physically tampered with" are the same weather it's a box of paper ballots or a glorified laptop containing the election results. This discounts accidental issues such as software glitches, power surges or whatever other technical issues that can potentially mess with or erase voting records. Yeah, someone can spill their coffee onto some ballots. the result of that happening isn't anywhere near as damaging as losing the results on a memory card due to technical failure.

As for whether or not Diebold machines now all produce paper ballots, I couldn't say because I haven't read anything to that effect. According to this column (which links back to the blog), 27 states now require a paper ballot -- barely more than half. I know its a state issue, but I'm really amazed that the other 23 states haven't followed suit.

I'm not entirely against electronic voting. If nothing else, an electronic vote, with a paper ballot receipt, ensures that we have two (presumably accurate) tallies of the votes and gives us one to match against the other if questions arise. But pure electronic measures just don't seem like the answer right now and paper ballot systems are not used nationwide.

Joph, thanks you for the link to Dr Rubin's blog. It was his study that I was refering to in my earlier post.

I vote in Baltimore City, where most of the election judges are seniors who have no or little experience with computers. So was worry even as I was walking to my poling place.

Jonwin and I had bother received new voting cards with information on the fact that our poling site was now moved from the church to a local elementary school 2 blocks farther from where we live. Since I never am sure how my legs will feel on election day, the poling place was an issue if I had to make use a wheelchair. At the church the handicap entrance was in the back and one had to go though the ally litter with trash to reach it. This seem less of a problem at the new poling place, as long as one didn't have to use the sidewalk between the senior housing and the school, as they are in bad shape.

When I got to the new poling place, I notice fight off that there were problems with the electronic poling books, that replaced the old binders of resister voters. The 3 voters in front of me all had been directed to see if the ebooks at the next table show them as not voted yet, Since the machines had crashed.

From Dr Rubin's blog I now have a since of what was going on to cause the problem I was seeing there.

1. Was a problem with the cards crashing the ebooks.

2. I did not see any cables running from one table to the other being used for the ebooks. Since they were suppose to all be hooked up to a hub, I now wonder if they had set them up wrong, like I heard of at other poling places afterwards in the newspaper.

This is the first election year that Baltimore City has been forced by the state to use the Diebold machines, instead of the electronic machines they had used the last 3 elections.

At this point I am going to ask for an absentee ballot be sent to me, for the general election, as it is the only way it looks like I can be sure that my vote is counted correctly. Plus the one time I didn't make it to the polls was 8 years ago, when I was in too much pain to walk the 5 blocks to vote that in that primary.

Edit to add link to video of another study done at Princeton Univ. Seems it only takes a minute to add code that can effect the vote total and then delete itself.

Edited, Oct 12th 2006 at 10:07am PDT by ElneClare

I like that he with the most balls wins... :)

The problem is that we have to have a "semi-anonymous" vote. You need to be able to total up the votes for each candidate or initiative on the ballot, but not be able to connect individuals to the votes after the fact (so that there's no fear of reprisals based on how people voted). The ball system wouldn't work since each person's name is on the ball. Also, don't you vote for more then one thing in an election? How many balls do you get? Which color means what in which catagory? What about elections where I vote for the two candidates in a set that I want? It's just not that simple...

It sounds like the number one problem they're having isn't with the voting machines themselves, but with the process of verifying that each person only votes once. Not surprising since it almost sounds like they spent all their time and effort on the voting machines with the voter counting process somewhat of an afterthought. I'm not sure why they can't just separate the two entirely. It's not like crossing names off a list wasn't working well previously. The savings isn't in that part of the process, but in the ballot counting part. Why introduce a far more complex and error-prone component into a part of the election process that isn't already expensive and inaccurate?

I think the voting machines are useful, and while not perfect, are a good replacement for the paper ballot system. I'm not sure about the electronic voter sign-in thingies though. Should just scrap them for the moment and get the voting machines working properly. Maybe down the line when they can devote more time to the systems, they can re-address them.

One of the first things you learn in engineering is *when* to make a change. If the thing you're building doesn't improve the process in anyway, you shouldn't do it. In the case of the voting machines themselves, the long term benefits of getting an electronic voting system working is very valuable. Most of the errors and problems we have with elections occur as a result of using paper ballots. Electronic ballots have the potential to fix those errors, and be much cheaper in the long run. Thus, even if there are some problems initially, it's worth making the change. I'm not sure the same can be said for the check in process though. Again. It's not like the binder with the list of names that you checked off when you handed people their ballots (or cards with the electronic systems) wasn't working just fine before. It's not like you save a ton on paper or anything, so I'm not sure why they bothered to change that process except for the pure fact of changing it "cause electronic is better!"...