I became more interested by this topic with an editorial in the Washington Timeswhich dismisses any and all concerns about electronic voting. Among the claims of the Times editorial staff:(1)machines are tamper proof; (2)You can't hack into a machine any more than you can hack into a computer that isn't online; (3) It doesn't matter if machine makers are partisan donors to either pary since precinct clerks will know if there are any fudging with numbers. I read this article a few days ago and found it to be quite formidable, then I found out the real problem with these machines.

CNN online had an article- Voting machine business stormy for Diebold that essentially refuted all of the Times article main points. To knock-down each of the Washington Times points-(1)Hackers found the source code of the machines and company e-mails (2)with source codes, you could theoretically alter an election; (3) Florida 2000 showed that it isn't a matter of getting more people to vote for your candidate. Instead, all you have to do is disqualify votes.

Times mis-statement



CNN correction



Questions for debate:

1)Do you find the anti-electronic voting machine article more convincing or the Washington Times pro-voting machine article more accurate?

2.)If machines produce a CD read only program, is that sufficient enough of a "paper trail"?

[COLOR=red](3)Is the Times, which is a conservative "Moonie" paper with ties to the GOP going too easy on an industry that is tied very closely with the GOP as well?COLOR]

Do you find the anti-electronic voting machine article more convincing or the Washington Times pro-voting machine article more accurate?

As an IT professional I find the CNN Article to be much more convincing. There is no such thing as hack proof when it comes to computers. It is impossible to think of every possibility even under the best software development conditions. Given the state of how software generally goes to market now, the chances of bugs or security holes which would allow you to exploit it are even greater.

Anyone who believes differently doesn't know a thing about IT.

If machines produce a CD read only program, is that sufficient enough of a "paper trail"?

I personally think the idea of redundancy here is very important and have heard a few good ideas around this.

First, the idea of storing data in multiple locations (i.e. both a database and a CD) is a good idea.

Secondly, the voter needs to have some kind of paper confirmation of their vote. The machine should print a small receipt which would contain the date/time, voting booth location, something to identify the voter and their vote(s). This should probably be printed in duplicate and they could turn the other copy in as they exited the booth. This would give the voting clerks the ability to check paper ballots if absolutely necessary.

Most importantly though, the system needs to have a very sophisticated system of checks and balances to ensure nothing is being tampered with and the machine is operating correctly.

Is the Times, which is a conservative "Moonie" paper with ties to the GOP going too easy on an industry that is tied very closely with the GOP as well?

Absolutely. This is clearly a partisan assessment, because anyone remotely familiar with IT would be very uncomfortable with these machines.

The only real way that anyone is ever going to trust these machines is for them to work correctly in several elections. I would submit that the appropriate time to "test" these machines is not during an extremely heated presidential election either. These machines should prove themselves for several years in state and local elections first. Then if there are no problems they might be ready for prime time in say, 2008.

Software almost never is bug free when it is first released, it generally takes years before a release is stable. In this case the stakes are far too high to let these things out the door without serious scrutiny.

The voter can't be identified without breaching a fundamental principle of free and fair elections, namely the right to cast a secret ballot. Voters must be able to vote according to their consciences without having to fear repercussions. I agree that there should be a paper record of each electronic vote, but it should only record the booth location and the choice of the voter, not a means of identifying the voter.

Do you find the anti-electronic voting machine article more convincing or the Washington Times pro-voting machine article more accurate?

I am not overly concerned with the security. Diebold makes ATM machines, for goodness sake. I haven't heard of some large scale rip-off of this "overly vulnerable" system, a system which would appeal to just about every hacker who thought they could accomplish a legitimate "hack job".

If machines produce a CD read only program, is that sufficient enough of a "paper trail"?
To be honest, I am not sure what mechanism is used to count the votes. Ideally, I would think a read only CD which is burned locally, from computers that were not networked, would be virtually fool proof. It would be slower than reporting from computers that are on-line, but much more secure. If it is a read-only disk (easily produced) which can only be read in a central location, and back traced with a unique ID to the original computer, I think that would be perfectly legitimate.

A "paper trail", complete with date, voter ID and votes has NEVER been kept. Anonymity has been a keystone of the US electoral process since its inception. No one can go back and tell who I voted for in the Presidential race of '92. Should this system require such a trail, my voting record would (potentially) become public domain, especially during a recount. If this type of paper trail is required, why isn't it required now?

Is the Times, which is a conservative "Moonie" paper with ties to the GOP going too easy on an industry that is tied very closely with the GOP as well?
I do not see this as a partisan issue in any way. I think we need to move forward with technology. I also feel that we need to ensure that proper security measures are in place. Non-networked computers would accomplish that nicely.

I also work in IT and there is not one program, and there never has been a program that can not be HACKED.

There have been various articles written about Diebolds software being very easy to hack.

But most of all I would never want to vote electronic without a paper trail. What happens when the winner wins by such a slim margin, that the state law demands a recount. How are we going to recount?

No this version that exists now is too scary. As far as I am concerned it would only give Bush a chance to steal another election.

So, why aren't ATMs hacked on a regular basis?

Hacking is all about accesability. No access, no ability to "hack" or change data.

Stand along computers in a room full of elections officials would be aweful difficult to hack.

And why this assertion that Bush would steal the election? Other companies make similar software. I am sure some hackers are Democrats . Why would this be a Bush "opportunity"?

(Oooohh, a Republican...evil, corporate Republicans at Diebold... )

Any computer connected to a network is hackable. Anything that can be done by software can be undone by software.



I think the concern is the possibility, not how frequently. After all, one succesful hack into a voting system on a network could dramatically alter the face of our government (and if done correctly, it's possible that noone would ever know). ATMs are hacked from time to time, just last November Diebold machines were corrupted by a virus that took advantage of security holes in Windows XP Embedded (link). So it's not unheard of, and the possibility alone is enough to scare skeptics away from it.


The simple solution is to use computers to record and tabulate votes as standalone systems. The recording media or entire system could be physically transported to a central location where they are directly connected to a main computer that is used exclusively to record and tabulate votes from all the different machines. This computer would not be connected to a network, either, eliminating the threat of some yahoo in a basement somewhere tampering with the results. I would support something along these lines.



Would there really be a need for a recount with a computerized system? How the heck could the computer count the vote wrong? It's not a mechanical system that could miss a hole on a punch card or a human that gets fatiqued as the counting drags on. Others that are more involved in the software side of this issue may have some circumstances in mind that would require a recount, but I really can't think of anything that would necessitate it. Technology has reached a pretty safe level in terms of data integrity, I think. I could be wrong, of course, and if there is a legitimate reason then I would have to rethink my position. And if a paper trail is required, then why not just have the system print a 'receipt' that has the votes cast, the ballot location, and the ballot time. They could be stored in the same manner as current paper ballots in the event that they were needed? Maybe I'm thinking too simple, but it seems like a good system to me.

Was it Stalin that said "It's not the people who vote that count; it's the people who count the votes"?

This is the old thread (thanks to Curmudgeon for finding it) that dealt with this subject, in case anybody is interested:

http://www.americasdebate.com/forums/index...wtopic=2534&hl=

Last week I heard a journalist pronounce Diebold as DEE-Bold, which perhaps makes it sound a little less sinister.

I think that the further away from paper ballots we go and the more technology we rely upon for something as important as a national election, the greater the potential for electronic tampering that might not be found. No, I'm not a Luddite, but I believe that elections are too important to leave to the scruples (or lack thereof) of unknown computer geeks (apologies to the good geeks out there!).

I would rather see the old system where a voter used a pen or pencil to check or X the box next to the candidate's name, fold the piece of paper, and drop it into an official ballot box with a big old lock on it.

Sure, the counting process would be long and arduous, but there would be less doubt when the outcome was finally reached.

Well, despite that Walden ODell, chief executive of Diebold told Republicans in a fundraising letter that 'he was committed to delivering Ohio's electoral votes to Bush', and held a 1,000 a plate fundraiser in his mansion. And diebold has never given any money to a democrats' campaign.

And: That the three companies that own and distribute voting machines are ultra right wing and in two of them the heads of the companiies belong to fanatical religious organizations that : " promote Christian Reconstructionism, which mandates Christ's dominion over the entire world. The organization's purpose is to establish Old Testament Biblical law as the standard for society." As well as some other twisted positions on 'Democrats with their liberal/socialistic worldview'.
And :
ES&S also has a connection to the Bush family. Jeb Bush's first choice as running mate in 1998 was Sandra Mortham who was a paid lobbyist for ES&S and received a commission for every county that bought its touch-screen machines.

And:



And that Diebold refuses to implement machines that will give paper reciept, saying its too expensive...funny, because all retail machines are to be able to do this with no problem and remember your phone number, in case you dont have your card and everything you purchase.

And that 2000 and 2002 elections were rife with glitches and false turn-outs.
Like, in 2000---"the state of Florida purged over 90,000 people from their list of eligible voters under the guise that they were felons. In fact, almost none of the disenfranchised voters were felons...but almost all were blacks or democrats."

And:




The listings of problems only begins there. This link is pretty tell all, an important read that brings many aspects together:
http://www.infernalpress.com/Columns/election.html

Other than that I think we have nothing at all to worry about. Especially not from Republicans, who would never 'fix' an election.

I disagree. We would simply be trusting a different group of people with the tally. I doubt it would be any more (or less) corruptible (is that a word, it should be if it's not).




Oh, there are problems with the system that need to be addressed. We are not ready to just slap some computers in a gym and go to it. But I really think it's something that needs to be worked on and implemented after much research. Surely a company that so openly supports specific ideals and political parties should not be trusted with the task, but that does not mean the task is not worth taking up. From the same article (under Solutions and Alternatives):



I definitely agree with that line of thinking.

It's the fact that we would KNOW who the voting officials were who supervised the manual counts that would make them more accountable, less corruptible. If you know where I live I might think twice about pulling a fast one on you.

In addition, you can still vote during a power failure as long as there are Coleman lamps and flashlights available!

I agree Slim, however there are 33,000 machines (at least) from Diebold alone in current use, and instead of fixing the problem they are trying to 'fix' the dissention.

These machines will all be in use for this election, without paper trail in effect until 2005, and only because of the outrage the situation has caused. This has been being discussed for 4 years already.

We cant stop technological advancement, but it needs to be safeguarded and independantly watched. (somehow)

I found it interesting/strange that immediately after the 2000 election the Federal government issued to alaska electronic voting machines. For one, why alaska? We are like Nobody. We have 3 electoral votes, but the administration kowtows to alaska bigtime, having had Frank Murkowski and Ted Stevens on their side from ..forever, and Lisa following in line, and the oil industry backing. Alaskans are not going to question electronic voting, nor the machines. Noones going to put up a fight up here. How many other States got this 'gift' from the feds? I wonder.

Is it up to the Federal Government, IE: your tax dollars to 'issue' voting machines? Or does the State normally have to buy them?

It is shocking that the conflicts of interest are being largely ignored. I am certainly not saying that this is acceptable in any way. I do not think that the current rollout of e-voting machines is being handled properly, and I think that it is too soon for such technology to be implemented. I just don't want the entire notion of computerized voting to be tossed out the window because of it. We shouldn't be using these machines now, they need more research and testing done. Such testing and scrutinizing should be done by many, many companies encompassing different political groups, areas of interest, etc.



But we could have the same information available using computerized systems. If they are not on a network, they can only be altered by those in direct contact with the system. The names of programmers that worked on the project could (and should be) publicly accessible. It might be a few more names, but we would still know who was responsible.



Or a generator to run computers.

In reading the comments about our IT specialists, I would have to agree that the CNN article is the more truthful one on this issue, as opposed to the Moonie paper. I'm more concerned about businesses that have close ties to one party playing a key role in an election. If the tables were reversed, would republicans be happy? I guess the contracts for machines should go to government, civil servants who by law, can't make political statements or actively campaign. Does anyone take issue with the notion that we should have a fair, honest, and open system free of partisan tinkering? Is there not a conflict of interest between voting machine companies and their W-lovin' CEOs?

As a matter of fact Amlord they are hacked periodically.

I didn't do a very exhaustive search but in the first two pages of results I was able to uncover two major attacks - here and here. Also, just in case you wanted to know the methods for doing so, they can be found here.

I know that there are quite a few other instances but it is a little late to dig in that much, maybe I'll edit this post tomorrow.



Yes and voting machines would still be accessable. Either the machines would have to be stand alone, in which case they are going to be a fully functional computer with disk drives, etc in order to be maintained. The other alternative is they are dumb terminals, but that means they'll be connected to some form of network. There is also the possibility of some kind of unconventional access such as a USB port, easily accessable circuit board, etc.

Given the fact that the source code of the machines has been leaked, hacking these things would be relatively easy given the right access point. This could also turn out to be something uncoventional.



Last time I checked, most voting booths (at least the ones I have been to) have at least moderate privacy. The "officals" there aren't all that attentive either. If a hacker were to take this on they wouldn't be going in there to experiment, they would go in with a solution, do their thing and be done with it. Whatever they did to the machine would likely work its magic without their intervention.



And I would agree. Every commercial release of software is riddled with bugs and security holes. The push for quicker release cycles, less up front thought about design, less time spent on testing and less QA on developer's work has lead to this problem. This is absolutely unacceptable for something as important as an election.

Electronic voting may one day be a reality, but the day to test the waters is not during a presidential election, especially one likely to be as close as this one.



There are ways to verify a voter is unique without compromising their identity. I wasn't suggesting the machine print their social security number on the receipt. There would have to be a new paradigm here because voters can't submit more than one vote right now (they only get one ballot), ways could be found to cheat the system if the voter can't be verified.

I not only work in IT now but did work in DP back when the Internet was just a curiosity with some potential. And I've done my share of programming along the way.

It is relatively easy to hide functional code that drops down to assembler level and accomplishes things with various binary tricks like shifting registers left or right. This type of code doesn't seem to do anything to the untrained eye, but in actuality it could be doing a great deal.

For example, every so often a vote for a particular candidate could be stolen and put into the rival's tally.

To hide this code even farther, it could be assembled into an object file and linked into the rest of the program when creating the executable.

Then, just to make life hell for auditors, you throw away the assembler source code. Auditors would have to understand not only the computer's instruction set inside and out, but also how to reverse-assemble the evil module. Alternatively, how to read a hex dump of the code.

Anyway, these are just a few things that come to mind if I wanted to write code that would give nightmares to auditors.

However, it appears that the code in question isn't even open for external audit!

That is simply an unacceptable condition in today's IT world. No bank would ever stand for it because programs could be, and have been, written to steal money in ways that are hardly noticeable. How were these programs discovered?

Auditors.

The same can be done for stealing votes or even padding with fake votes. Since this is a rediculously easy thing to do, no voting computer should ever be used without external audits by people who understand how to find stealth code.

I'd suggest having at least three independent auditing firms employed to do this, plus a forth auditor to compare findings.

Regarding networking the voting computers, go with a point-to-point model like SNA over secure phone lines and use high-end hardware encryption. It works for check-processing between banks and the Fed, or at least that was done 10 years ago. Maybe it's done with VPN these days.

In any case, I don't trust the businesses making the voting machines, nor do I think the NY Post has anything worthwhile to contribute to the debate.

What is it that Ronald Reagan said? Oh yes, "trust but verify."

I used to do quite alot of assembly level programming myself, back in the days of wooden ships, iron men, and 16-bit processors, and I agree with AM that it is quite simple to write hidden code that would take months, if not years to unravel, especially without the source code available. I wonder though if through rigorous testing and verfication it might be possible to certify that there are no "surprises" in the code to alter the vote one way or the other. Perhaps by running a series of mock elections with known outcomes? Whatcha think, AM? Possible?

I agree here: as a long-long-long-time industry veteran, a line-by-line audit by one or more independent organizations hired by whatever state wanted to use the electronic voting machine would likely get us past this hurdle.

Why the voting machine people don't just hire their own auditing firms to "certify" the code is beyond me. It's great public relations and would help lower the volume of the debate. Sometimes it's easier just buying the election, right Diebold?

As with all things involving IT security, it is important to properly frame the discussion. Can these machines potentially be 'hacked'? Of course. That's NOT the real question--the real question is simply whether they can be made reasonably secure. Or, more importantly, whether they can be better than existing systems. I find it interesting that, for all the various issues stated here, I haven't seen anyone comparing the security, ease-of-use, etc. to existing systems, when that is the only relevant discussion.



Less doubt? You mean, a nice, smooth process as happened in Florida? Is it just me, or does the group opposed to these types of advancements seem to be the same group most up-in-arms about the events of the last election? Can't have it both ways--either the system needs to be changed, or it doesn't. Clearly, the manual process has its issues and advantages. It is against these that any new electronic system should be compared.

As for the general 'right-wing conspiracy' concerns, I also think these need to be compared with the current system. It should be noted that, currently, voting is supervised by decidedly biased officials. These officials have numerous opportunities to sway the process in their favor somewhat (design/choice of ballot, etc.). Perhaps is it the knowledge of this that creates the suspicion? In any case, it is far easier to supervise/audit an electronic process, in that at least it behaves the same way every time. So, the code can be properly vetted before implementation, and, as such, is less susceptible to bias than the current system, which gives local officials a lot of control over how the election is conducted (ie--no enforced standardization).

Further on this topic, I don't see any inherent advantage for either party with the implementation of these devices. Consider an analogy of electronic cash registers vs. manual cash boxes. Simply new technology doing the very same job, more efficiently and effectively. Where there could be potential bias is with Internet voting, as more Republicans tend to be online than Democrats, creating the potential for higher turnouts for that group (ie, people voting who might not have otherwise).

As for comparing the two articles, I think it is important (as has been pointed out elsewhere in this thread) to consider the sources (Times being more conservative, CNN being more liberal). As such, neither, unfortunately, is being objective, and this is really an issue that needs to be viewed objectively.

The "nice, smooth process" in Florida had nothing to do with counting Xes in boxes. It had to do with whether Florida should be allowed to follow its own electoral laws and count the votes which were cast or not. As we know, the state was not allowed to follow its own electoral laws and count the votes which were cast.

I'm with Elspeth on this one: voters checking boxes with a pen and human beings counting them by hand. No levers, no punchcards, no scanners, no chads, no electronics, no software: paper, ink, and hands. Period. The process is too important to squander on easily compromised or unverifiable systems.

I agree 100%. It makes the most sense to just mark off your choice on a piece of paper and have these marks hand counted. This alleviates the possibility of "improper marks" (many of which are made by the voting machines themselves) ruining a ballot. I suppose this would be difficult to do though - people could more easily be accused of voter fraud/tampering, I'd think. BUt I suppose with all the money we'd save on machinery and the like, we could spend on ensuring there were multiple parties counting votes. I'm sure there will always be ways to make a vote fradulent, though.

There are plenty of other methods for voting with a standard ballot besides the Florida way Hobbes. If anything people were saying a specific type of balloting needed to be eliminated/changed. That statement should not be interpreted as scarp paper voting altogether and go with electronic voting.

Electronic voting may be inevitable in the future and possibly even preferrable, but it is no where near ready for prime time right now.



I think people have been making that comparison, albeit indirectly. With current systems (i.e. paper ballots) there isn't a security concern. You prove you are a registered voter, get your ballot, fill it out, drop it in the box. The ballots are counted by a machine of some sort and if there are any questions they are counted manually.

There is no security concern there. This method of voting has been in place for decades and has worked well. There are only a few possible scenarios for tampering here and most of them are unrealistic.

With electronic voting you introduce a whole host of new security concerns. Some of the security concerns have to do with hacking the machines in some way. Some very valid concerns also have to do with how the software is coded internally and the ability for it to be audited. Whether you have a bug in the software or whether a developer has introduced some malicious code is irrelevant -- the system must be trusted and proven before it can be used for something as important as a presidential election.

You remember the phrase made famous in Chicago: "Vote early, vote often"?

Any ballot counting that relies on people can be corrupted as well. On top of that, several precincts in Georgia have trouble being staffed properly for elections; how the heck are we going to get enough people to count 100+ million ballots in a general presidential election and actually get the results out in time for late-night news?

Punch ballots in Florida, Georgia, California, etc. routinely miscounted by around 10%, so that wasn't much of a help either.

It's the 21st century. Time to move forward and use the technology available to us to make our votes more secure AND more convenient. We have the technology now. We just have to find a way to make the security more obvious and verifiable than we have so far in the discussion.

I haven't debated in this thread, Wertz; Although, that sounds like something I may have said.

Could you please reference this?

While I obviously don't speak for Wertz, methinks he meant PE - she said this on page 1.

Good Lord - too many brain cells have bitten the dust. Yes, it was Elspeth. I've gone back and changed my original post. Apologies to both.

I definitely agree with you, but I would submit that the appropriate time to introduce this technology for the first time is not a presidential election.

Personally I'd like to see this work sucessfully in multiple states for local and state elections. Then in 2008 we could consider using it for the presidential election.

Oh geez...the paranoia continues...

Ari Rubin should be taken out to the woodshed and have his butt wore out by every disenfranchised voter affected by his negativity, spin, and blatant lies.

Ari Rubin is on the advisory panel of VoteHere.com, a company that doesn't make electronic voting machines. His views cannot be assumed to be non-biased no matter how loudly he yells "I forgot" (which he claims).

But the biggest problem/fallacy is the lack of control. All these "I hacked into the Diebold system because it's an insecure piece of crap" stories left out one critical item: CONTROL. It takes election officials to control the process. What do you think would happen to the paper ballot system without those controls? You don't think bags of ballots wouldn't be "lost" or stuffed?

I develop software for security systems and I develop software using smartcard technology. Although not impossible, it would be highly unlikely anybody could make their own cards. You would need the encryption key (a unique 128 bit number), the hardware that matches the key (you can't just use any hardware), and you have to almost have the cards and hardware touch (assuming it's prox encoding - not swiping, which means you physically touch the encoder). The hardware has no range, so it's not like you could stand 5 feet away and do it.

Databases - evoting uses double entry accounting methods. You can't just delete votes. You have to add a "debit" vote to remove one. So, most e-voting systems keep two databases to keep it even more difficult. Both databases much match.

Hacking - each system has a phone line and none is connected to the internet. You'd have to dial in and overcome all the security and modify both databases correctly. And you'd have to do this to all districts to have any affect.

Malicious code - the code that was released over the internet was pre-production code. It was never released. But let's say the grandest conspiracy of all were in progress, this is what would have to happen:

1. Programmer figures out some way to put malicious code in to favor a candidate on a machine made for generic use.
2. All the developers working on that code somehow miss the most important code of the project. And if you've ever developed in a multi-programmer environment (using Visual Source Safe and the like), that's absurd. We all work on the same code, so this would suggest all programmers are in on it. And "counting code", the purpose of the software, would be under the most scrutiny.
3. Management sanctions this behavior that if found out, would sink an industry they are investing millions in.
4. Election comission programmers audit the code (I believe they do this twice). Somehow, they would miss this malicious code.
5. The software makes it through testing. Contrary to the lies from Rubin, the software IS tested in election mode. Vote are randomly cast during testing in a way that makes it impossible to alter.
6. Since some believe it would be a trojan, the trigger is activated at an election place by an insider. Of course, we'd have to have someone inside each district to make a difference.
7. During the course of the election, random votes are made as audit votes. The malicious software would have to get past that.
8. On top of all this, the software would need to know who it's voting for at any place and any time.

This is simply preposterous. As someone stated before, it would be much easier to crack into an ATM and clean it out. I don't see anybody screaming about that.

Receipts - we don't get them now and personally, I think thats a VERY bad idea. For instance:
1. I come back from voting. Boss wants to see who I voted for. He doesn't like the answer, so he fires me. Of course, that would be illegal. But Ohio is one of the many "hire-at-will" states which means, employers don't need a reason to fire you. They can fire you for fun if they want, only not for what is protected. Simply telling you to get out bypasses that.
2. Votes could be bought. Show your proof of vote and receive a chunk of cash. If you can believe the absurdity of Diebold fixing elections, you should no problem believing something this easy.

Contrary to Rubin, you CAN recount. The man's an idiot.

Every problem attributed to Diebold has been operator error:
1. The officials forgot to turn the systems on until the last minute. By the time the equipment booted and validated, time was lost and some people couldn't vote on time. That got blamed on Diebold as "disenfranchising" voters.
2. Mistyping precinct codes left candidates off the ballot.
3. Default passwords were not changed at some districts. Which means, somebody may have been able to dial in to perform the other 1000 unlikely tasks required to alter the election results.

It suprises me that the dems are the ones complaining the loudest. E-voting is the best chance for accurate votes from everyone - including the blind, deaf, handicapped, and in the case of Palm Beach, stupid.

In summary, if you left me (or any decent programmer) with an evoting machine alone for a couple hours, I might be able to rig an election. If you left my 5 year old daughter alone in a room with a box full of paper ballots for a couple hours, she could rig an election.

But that's not how it works. Election officials control these processes - no matter what it is. The "hacker" stories leave those controls out. People are left alone with systems that in reality, would never be allowed. Without these controls, the same election officials we fear would activate trojans or do whatever it takes to alter an election with evoting could be doing that now with paper ballots.

I swear, I'm an inch away from creating a web site just to take on Rubin and kick his lying butt and expose him for what he really is (and since I can't afford any more strikes, use your imagination). The reason he makes me so mad, is because I'm tired of pregnant hanging chads, finding ballots in people's trunks when the election is over, and having the court system intervene in our election process. Rubin is making money for himself and VoteHere.com at the expense of people willing to believe anything to justify their hatred of Republicans. Heck, I don't have much use for Republicans myself right now, but I don't need to invent a grand conspiracy to justify it.

Thanks for taking the time to post that very detailed account DR. I think I agree with what you are saying, however the problem is that there isn't enough assurance the election officials do have that control.

If Diebold (or whoever ends up winning the contract for eVoting machines) were to be subjected to multiple audits by several independant agencies (as someone suggested earlier) and they went into this kind of detail and agreed it was a good design, then people would be fine with it. Clearly Diebold doesn't have an obligation to release their machine specs and design to the general public, but they do have an obligation to prove they know what they are doing to an impartial panel of IT experts.

It is my opinion that Diebold has thus far approached this very much in the "we have to hurry to get into this multi-billion dollar market before anyone else does" rather than the attitude of "we are going to do this the right way no matter how long it takes (within reason) and our software will stand on its merits".

You know as well as I do the kinds of things that happen in software development when you have that kind of pressure from upper management. The fact that you have an integrated development environment is irrelevant, programmers generally work on different modules which sometimes touch common things. The time spent during integration testing and QA is the important thing here. You also know as well as I do that most software companies now use the Microsoft model of testing (i.e. release a product with minimal testing and your user base finds all the bugs for you. By the time you get to Service Pack 2 or so, it is a stable release.)

I don't know very much about Diebold as a company specifically, but I can say that odds are on my side because the clear majority of IT shops operate this way.



And that is exactly what could happen if this isn't considered up front and if you don't have a panel of experts trying to poke holes in your design.

If the pre-production code was released over the internet, do you think it is out of the realm of possibility that someone could obtain a production version of the code later, obtain an actual machine to play with on their own, or know enough about the system from the pre-production code already?

I don't inherently trust anything when it comes to evaluating some IT solution unless I can review the design and poke holes in it. In this case I could be assured if a competent 3rd party played that role.

Cube Jockey, you are mistaken and you've used a point of mine out of context...foul.

First, an integrated development environment is highly relevant. We're not talking about obscure features and setup screens. We're discussing the money shot. The software serves no other purpose than to count votes. This code will be looked at by many people, including election commission programmers under the closest of scrutiny and randomly tested for accuracy.

I forgot to mention that evoting machines are randomly pulled out of production and tested for accuracy in "election mode". The code is audited, the code is randomly tested, and the machines are randomly tested.

As far using what I said, please use all that I said:


You've purposely left out the importance of control in any environment. Meaning, if lack of control is a problem with evoting, it's a problem with ballot voting. This is an issue not easily resolved by evoting cynics, so don't feel alone.

No, I wasn't referring to obscure features, but election machine code is still likely to be complex, therefore it is probably modularized and object oriented.

Additionally, integrated development environment or not, two developers cannot work on the exact same peice of code at the same time. Even if one developer checked something in and another checked it out, they would likely not be working on the exact same thing, that would just be ridiculous. But to your point, there are probably many eyes on the code during build and testing. That alone doesn't rule out the possibility of a developer introducing a flaw either by accident or maliciously.



It seems you are fairly knowledgeable about what the election commission is using for their testing methods. Is this just how you assume they would do it, or have they stated in some kind of press release this is what they are doing.

For me, the problem isn't so much concern over hackers,. control or anything like that. I want to make sure that an idependant panel of experts has certified these machines. Given the problems they have had in the recent past, I don't think that has happened. If you have some kind of source (which you seem to be referring to) which might convince me, then by all means please do share.

Don’t think I could add much from the IT professional side, fellow AD members have covered it well. Bottom line: when it comes to bits and bytes, anything is penetrable and can be manipulate regardless of any controls in place, manual or binary. One thing the difference of IT opinions demonstrates is exactly the reason this is a bad idea: seasoned pro’s can’t agree on the validity.

Was part of a security audit at my company and one of the eye opening stats that came across was that on average an unprotected web site is compromised in less than twenty minutes. That means if you spun up a public web site and didn’t protect it with firewalls etc… someone will have control of your site and server in less than half an hour. And the hackers aren’t aware until the site hits the web.

I feel confident that what ever work has been done in the e-voting world, there is already a group out there trying to find a way “in”. Although former Mayor Daley may like the results of their work, it has no place in determining the future of this country and the rest of the world.

Our system is the best I’ve seen: Scantron. Simply draw a line on your candidate(s) of choice, then it’s scanned in by an election official (while you hold the cover sheet) and after the polls close the votes are uploaded from the machine for quick results.

For auditing purposes the machines are taken to the board of elections where the ‘collector’ is removed from each machine and once again uploaded and compared to the results that were dialed in to ensure nothing funny happened when the machines were originally uploaded. If they don’t match, then the original Scantron ballots are counted to figure out what went wrong. All it takes is one vote to be out of synch and the ballots are counted manually.

It’s quick, secure, and provides the desired ‘receipt’ for auditing purposes.

I’m all for my government using technology to reduce cost and improve efficiency, but not at the expense of an election.

Let me repeat my premise again:


You can't ignore management controls to make an argument. You are making the same type of argument all other evoting cynics are making and it's a completely false argument because you are using two sets of standards. Bits and bytes can be manipulated by seasoned developers with a penchant for treason, or ballots can be altered by a 5 year old with no skills whatsoever.

Without election commission controls, anybody, and I mean ANYBODY could very, very easily rig an election with paper ballots regardless of how it's done. Avi Rubin (my mistake in previous posts - it's Avi, not Ari) and Bev Harris make a living avoiding this.

Almost everything you hear "bad" about evoting requires either administrative access to the system, network access, or nobody noticing that you are trying to hook up your own smartcard reader that does nothing more than change your party affiliation (not your vote).

This is how disingenuous these people are:
Avi Rubin had stock options and was a member of VoteHere advisory board. He said "oops" and resigned from that board after his report was released and people found out.

Bev Harris got a copy of the PRE-RELEASED source code called rob-georgia.zip and started blasting how Georgia got robbed in their election when they used smartcards. She failed to mention that code was intended for Rob Behler, a contract technician working for Diebold, to review. Nevermind that code was never used. And nevermind that there is not one shred of evidence that votes were miscounted, but she uses that "the absence of evidence does not mean the absence of evidence" argument. Gee, where have we heard THAT before?

Anyone skeptical of evoting never say a word about Sequoia and ES&S, other manufacturers of evoting systems. It's as if they are ok, but Diebold is the 3 headed monster.

Finally, SAIC, a third party IT firm, was retained to study this situation for Maryland when they got evoting machines. They took Avi Rubin to the woodshed in their report by stating:


They debunked literally every issue you've ever heard about. There's conspiracy theories (like Diebold risking criminal treason and losing millions in investments by rigging an election) and then there's reality.

Is evoting perfect? Of course not. It's new and needs improvement. But it prevents over and undervoting, gets rid of pregnant hanging chads, and allows handicapped voters (vision, dexterity, etc) vote in private like the rest of us are entitled to. For every valid negative issue you find wrong with evoting (in reality, not conspiracy), I could name ten that would exist with paper ballots.

Please, take my first statement to heart. If you wanted to rig an election using the same criteria as used with evoting, it's much easier to do it with paper ballots because it takes no special skills and doesn't require a grand conspiracy.

Aquilla,

Yep, very possible and good thinking too! It'd show possible weaknesses in the system. Then the states could go back to Diebold or whoever and demand that the code be fixed.

It'd also be interesing to exercise the code for hidden commands. Not that I've ever written something like that

That is already part of the process. Both the code and machines are randomly tested using this and other even more comprehensive methods.

My point was that the management controls in place are not adequate for electronic voting. Comparing electronic voting to paper voting is really an apples to oranges comparison because they have very different issues and security concerns.

But, let me take a look at the source you cited a little later today. From the little bit you quoted it looks like this might be the kind of thing I was looking for.

I'm not inherently against evoting in general, I am against throwing it in to go to market first, damn the consequences. From everything I have read so far that appears to be what is happening. But again, let me take a look at the article you linked.

....hard to withhold comments on the whole Florida election process , and against my general instincts to just allow others the last word, but will try

My only point in bringing that process up was that I see here (as with almost all IT implementations) security being brought up out-of-context. The context I think is relevant is either the status quo (hence my reference to prior elections) or reasonable and prudent measures. There is ALWAYS the possibility for any IT system to be hacked (just as there is ALWAYS the possibility of any manual system being compromised). I am not making a statement about the specific system/process being discussed here, just trying to provide the proper framework for the debate. I will say that recent posts are certainly well within this framework, and that, in general, I would tend to side with Dayton Rocker:



One further point I would add regarding hacking and the use of smart card and other security technology. The machines could easily be set up to require some sort of security prior to allowing ANY access to the system. This could take many forms--one of the most secure being a hardware device that must be physically attached to the system before any access is allowed. With such a device, someone would need to have both the hardware AND access to the system--greatly reducing the risk of unauthorized access (and also greatly improving traceability of any unauthorized access, since it could be tracked through access to the limited set of hardware keys). These 'keys' are coded specifically for that machine--you would have to get the right one for whatever machine you were trying to hack. Such systems are less convenient than smart cards, but more secure. Again, it comes down to reasonable and prudent--is the extra security provided by such a system worthwhile given the added inconvenience? (Keep in mind, the inconvenience would be overcome in reality by simply labeling each key, thereby greatly reducing its inherent security--just like the common issue of complex passwords being taped onto computer monitors so that the user can remember them).

One final point which I think is very relevant--electronic voting systems would at the very least standardize election processes, since it's certainly not cost-effective to create a new machine for every district. Standardized processes are more easily controlled, regardless of what led to the standardization (again--remember all the issues regarding the ballots themselves in the last election). This alone should be a sound reason for implementing electronic voting.

The Federal Election Reform network is chock full of good resources and articles about reforms that are coming down the tubes. It looks as if some kind of electronic voting is going to be the rage in the next few elections. The website features an article about the state of New York getting rid of lever-pulled voting machines in favor of an ATM-like device.

I remain unconvinced that hand-checked counting is any worse than even the best technology around. Yes it is cumbersome and slow, but I believe that it would be a more accurate and less corruptable means of counting the votes. of course, there are exceptions to rules, but traditional hand-checked counting is scrutinized through oversight and recounts, something that I'm not certain would be possible with electronic voting.

Lastly, how about the Times? I was very unimpressed with their editorial. They completely failed to deal with the elephant in the room, that being-the cozy relationship between voting machine makers and political parties. I wonder if somehow someone somewhere in the bowels of the Times stands to gain greatly if these electronic voting machines take off and millions are ordered. I've never seen such a flawedly argued editorial in my life.

There has been a rather significant update to this thread: California Whistleblowers Sue Diebold









I think that some of the incidents in this article illustrate many of the problems that I and others in this thread have with electronic voting machines. Does this lawsuit and/or the cases cited here change anyone's mind about this or open any new issues?

Yet another update to this debate - Electronic records of some Florida elections wiped out in computer crash, officials say




So, is there anyone that still thinks this is a good idea?

I never thought the use of electronic voting was a "proven" system that could work. If the systems were not certified by peer review in the scientiic community, then I don't think it would be wise to use computerized voting machines.

Both computer and manual voting could be compromised, but computerized voting can be compromised by someone completely unseen, while manual requires the wrongdoer to be present during their deceptive actions.

Why is this a partisan issue anyway? I see Democrats against the machines and Republicans supporting the machines? Why aren't we all against these untested machines? I don't care what political affiliation you're under, the votes should count, and the review of the system should come under undying scrutiny. Why? Because the systems are new and different and should be treated as if it were a new study in science, something that gets peer review. If you're trying to prove that these systems are secure, you don't just say, "Well if the elctronic data is wiped out, we have more electronic backup." That's not good enough. For a business, you have far less computers than a possible nationwide voting system, so the percentage error may be too much. Let's say you have 1% error. At a business with 10 servers, this isn't so bad. A country with thousands of machines is ridiculous with a 1% error.

At least have a printout, some sort of paper that shows how you voted; after you vote, you confirm the paper ballot and then it moves to a collection tray. At least with this method, you can have a recount; in addition, you can prove the accuracy of the machines through independent tests that are not conducted or contracted by the company.

Why argue for a completely computerized system where you have no transpareny? I seriously do not understand why people are so gung-ho in supporting this system. IT background doesn't give you any greater credentials. If Diebold simply goes under peer review, then I wouldn't be skeptical of such a system.

What's so hard about a paper printout of the vote in the first place? It's infinitely simple to implement.

Basically because Diebold has the most extraordinary history, supporting Republicans in the fanatical sense. Not only are the owners staunch, I mean religious Republicans who believe that we should live our lives as in biblical times and are contributors ( I think they are heads of) ultra right wing fanatical organizations (see my past posts links in this section) they have thwarted all legalise to get their voting machines to produce viable tracking of votes. The Diebold problem has been a controversy for years when they sold machines to Maryland I believe, who complained about no viable paper tracking. Diebold claimed it was too expensive to provide tracking or paper output and there were huge complaints.

I have been on this since 2000 when the Feds under Bush, right after the election 'gave' electronic voting machines to alaska free of charge. It was very suspicious at that point in time, especially since alaska is nobody. I made some posts which were deemed by conservatives as 'you cant hack machines and this is entirely bogus' (weak but what can you do (then), it wasnt a pressing thing. Florida and several other states had legitimate complaints.

Yes, you are right, Republicans dont seem to see a problem, hmmn...wonder why they are not worried about their votes? Change in administration and I bet there might be a bit of speculation, not likely with Diebold at the head of things. Funny that Repubs seem to understand this and think these machines are just the best thing since sliced bread, unhackable and totally reliable, despite all evidence to the contrary.

Me. Just because the vendor is a screw-up doesn't mean the idea is screwed up.

Let's pick a better article from my hometown:

Election vote loss examined (registration required most likely)



Basically, the folks managing the computer systems didn't back up the database logs and lost the transactions 6 months after the election was over.



Not Diebold. Sorry for those of you who want to bash the big kahuna, but Florida does things their own way. They picked ES&S instead.



So only impossible to "recount" because they can't figure out which system sent which vote.

As for the lawsuit about recounts, Gov. Jeb opposes a paper trail as does the Secretary of State (no longer Katherine Harris, but Glenda Hood), and the lawsuits have been unsuccessful so far.

A paper trail is good, but not necessarily fool-proof either. A receipt is nice, but also not anything that could be used for a recount if they're taken out of the polling place (since you could then forge it). Really, an audit of the entire system (not just the voting machines, but also the back-end machines that tabulate the votes) is something every government should insist on doing. That's what we should be fighting for and not worrying about whether the machines are manufactured by a company with strong ties to Bush Jr.

Oh yes, and Florida is such a shinning example for all states to follow. Here’s an interesting bit of interesting about ES&S:



Got to hand it to that Bush family, they dare to go where no man has gone before.

Edited to fix quotes.

Amf, I have never argued in this thread that the idea of electronic voting is screwed up. In fact I think that electronic voting is desirable and even inevitable.

However, I have argued numerous times that trying it out on a large scale for the first time in a Presidential election, and what will likely be a close Presidential election, is not the appropriate course of action.

This is from my first post on this topic:


So, I have never been under the impression we were arguing that electronic voting itself was bad, I always thought we were trying to to determine if now was the appropriate time to use it (as that is the premise of the original articles linked for debate).

We also went to e-voting here in Georgia after 2000, when over 12% of punch-ballot votes didn't get counted.

We had numerous dry runs, and used it for the 2002 race with limited problems. Recent primary election also had minor problems with some precincts, but not worse than punch cards.

Am I worried that my ballot won't get counted? Not as much as with punch cards. Had no clue then, either, if my ballot was being counted or who I was voting to put in office after I left the polling place. I think some folks have moved the bar for e-voting to suit their own paranoia.

As for Fife's lobbyist issue, if I were ES&S, that's EXACTLY who I would have lobbying for my company if I wanted to win the contract. No worse than any other state legislature.

And again, your state happens to be a success story, however I could easily point to just as many failures as you can point to successes. You actually prove my point for me, we need to get electronic voting implmented 100% at the state and local level and have it work reliably for several elections, then we can use it to elect the president.

So, apparently Georgia's system works - congratulations - but there are many states such as California and Florida to name a few where it doesn't.

We have a VERY bright Sec of State who wants to be Governor in a couple of years. She's a D, by the way, but very popular here.

We have used the voting machines several cycles now and they work well. We'll use them in the big election this fall.

Other states can be just as successful after they stop screwing up. But blame it on the states and not on e-voting or Diebold or whoever.

For whatever reason, democrats have the biggest problem with evoting. And this just simply tears me up.

Are democrats so stupid (HINT: answer=no) that the evil republicans can rig an election without a democrat figuring it out?

Let's just say - for the sake of argument - that the CEOs of 3 different evoting companies are conspiring to rig elections to "bring the votes to Ohio" or whatever stupid thing one of them said for Republicans.

Now - somehow - they need to convince all the republicans from the executives, to the programmers, to the technicians, to the election commission officials, and to the poll worker (all inclusive), that they need to help rig some election.

Now, on top of all that, that need to make sure no democrats find out and also make sure nobody willing to commit a felony of this magnitude finds out regardless of party affiliation.

This is what Bev Harris and Avi Rubin want you to believe. That a conspiracy this big and complex exists and works.

It's too absurd for words. You never hear them talking about how a DEMOCRAT could rig an election. It's always the evil republicans because the CEO's of the companies are republicans.

There has never - and I repeat NEVER - been a case where the machines did not record a vote properly. 100% of problems have been caused by humans. And these are the same type of problems that exist with paper ballots.

The machines and elections are randomly audited, recounts are possible (even though the cynics say it's not), and there is no connection to the internet. Evoting machine technicians do not have user ID and passwords that the election official needs to transfer the votes to the main terminal (a dial-up connection is used) and the C++ development environment is not on the machine so they can hack source code.

As far as the latest lawsuit, guess who's behind that? Bev Harris - the woman that says this has nothing to do with money. She filed a whistleblower suit and is attempting to extract a bunch of cash from this suit.

The problem with these people pushing absurd paranoia, is that instead of becoming part of the solution, they choose to be part of the problem. Evoting works and it has been proven. All counts are voted. No more undervotes. No more overvotes. They are multi-lingual. The disabled can vote with dignity. It just amazes me the the DEMOCRATS, of all people, have the biggest problem with this.

I'd like some of these people to be part of a cynical watchdog group to make sure the evoting system works as well as possible. But no, they are pulling evoting machines out to replace it with pregnant dimpled hanging chads.

For one, I wouldn't be so bold as to use the word NEVER, DaytonRocker.

Secondly, whether the problems with voting comes from humans or the machines themselves is irrelevant. The point is the results are not accurate, and furthermore if there is an error you cannot do a recount or "determine intent" (see florida law and hanging chads) as you could with paper ballots.

Let's take the 2000 election for example. If Florida had "lost votes" as my article describes, that could have been a huge problem. Those votes would be gone and there would be no ability to do a recount (based on the current technology). It absolutely does not matter that what the article describes is a human issue, the votes were still lost and they wouldn't have been lost with paper ballots. If there is no audit trail then you are worse off with electronic voting in a scenario like this. Surely you have to agree with that.

Now, once again DR I'm going to say I'm not against electronic voting in principle, I am very much against going for a big bang approach and implementing it at the national level for a presidential election in a short amount of time. That strategy is going to be wrought with problems, as all of the articles I cited prove. I am for getting electronic voting in after this election and testing it through numerous "real" elections so that it could be used on 2008.

So what are some of the problems with rushing in and doing it right now? Well the biggest problem is the human factor, which you have apparently decided to ignore completely and instead have decided to focus on the technology. In your last post you even admit it is a problem with human error.

Let's assume for a second that the technology was perfect (which I don't for one second believe because I work in the software industry). No one can possibly be expected to implement these systems in all states or even a majority of states in the amount of time we have left until the election. I also happen to work with primarily public sector companies and government entities and I can tell you for an absolute 100% certain fact that they don't move at the speed of say a Fortune 100 company as far as grasping a technology, getting it implmented, changing business processes and training their people. I also used to work for one of the big 5 consulting companies and I can guarantee you that even when you throw 100's of consultants at a problem and spend millions of dollars, things still don't go smoothly even with A-Team people.

Furthermore, in several government entities there are serious experience gaps with technology because frankly governments just can't pay enough money for quality IT resources. That doesn't mean they are all bad, but on the whole it is a pretty safe generalization.

The right solution with public sector implementations is always "go slow, and repeat things often". I don't understand why you are so willing to jump the gun on this technology when there are so many problems even with local and state elections right now. When e-voting has been able to elect local and state officials for a few years, all the people running the elections are trained and comfortable with the process, and the controls have been proven to be sound -- then I'll be ok with using it for a presidental or federal election. How can you look at all the problems these things are causing right now and say "hmm, well it is just stupid people, lets put evoting in anyway". I have nes for you, the stupid people aren't going away -- they need to be trained and that takes time.