Here in the state that sent Bush back to the White House, I've been reading and watching and listening all the sound and fury about the election and the errors and possible fraud and disenfranchisement.

My feelings are as someone who stood in line for 90 minutes to vote that there were some big problems on Election Day. It does disenfranchise people when their boss gives them a hour off from work to vote and they have to wait two or more hours to do so. There's no valid reason to move voting machines from primarily urban and black wards to suburban wards that didn't need them.

I'm looking at the front cover of a alternative newspaper that reads in bold print: "WE DO NOT CONCEDE." I support investigations into voter fraud, intimidation, disenfranchisement and so forth.

But it's not going to change the result.

Alexander Cockburn of The Nation recently wrote about his weariness about the post-election battles: The truly bad news is that the 9/11 nuts have relocated to Stolen Election. My inbox is awash with their ravings. People who have spent the past three years sending me screeds establishing to their own satisfaction that George Bush personally ordered the attacks on the the twin towers and that Dick Cheney vectored the planes in are now pummeling me with data on the time people spent in line waiting to vote in Cuyahoga County, Ohio, and how the Diebold machines are all jimmied. As usual, the conspiracy nuts think plans of inconceivable complexity worked at 100 percent efficiency, that Murphy's law was once again in suspense and that 10,000 co-conspirators are all going to keep their mouths shut.

I don't doubt, nor do I dispute the earnest efforts of many concerned individuals to find out exactly what went wrong on November 2nd and what can be done to make things work better next time. The American system of elections is hardly perfect and can certainly be made to work better.

However, there comes a time to LET IT GO and move on. There are battles enough to fight and fighting battles that are over is only a waste of precious time and energy.

I would agree with NT, and add that I am also in favor in investigating the process...in all aspects. If improving the process for the future is the goal, I think that is very achievable (and should both be conducted and supported in bipartisan fashion). If the intent is to overturn or call into question the election...that really isn't going to happen, unless something massive is uncovered...and possibly not even then.

While I applaud the idea of perfect election results, I also agree with those who point out that its just not currently possible. It is too difficult to keep accurate voter registration records, and match those up with those trying to vote. I can see this changing...but not unless all the voter registrations are tied into a single system, and electronic voting cards are issued (or some other method of verifying voter identity and matching it with voter registration). This is why I am a little baffled at the resistance to implementing electronic voting systems...that is, in the end, the only way to come anywhere close to the perfect election process. For those wanting verification that the electronic system works as it should...I have no issue with that, it certainly should be subject to scrutiny. But resistance to that type of technology in general is acceptance of the status quo--which, by now, I would think everyone would agree is not where we want to be.

Of course the system isn't perfect. Thats not my point. My point is we should always TRY (key word here) to achieve perfection even knowing that it maybe unreachable at times. The world isn't perfect, but that doesn't stop people from reaching their goals.

As far as accepting this loss, well let me ask you. WHO REALLY BENEFITS FROM THIS ELECTION???

The answer: CORPORATE AMERICA!!!!!!!!!!!!!

If Americans will just research and understand the corruption on both sides of the political aisle maybe, just maybe we can elect a true President. John Kerry was just the best alternative to me in this election. So my brain is fine. My life doesn't revolve around politics 24/7. I just call it as I see it.

And when corporate america benefits...the people benefit. Corporate America...they are the ones making the jobs buddy. When they do well, the consumer benefits and the economy benefits. This is the basis of a capitalist system.

Back on topic, the election is over. Lets stop focusing on it and look towards the future of America. Lets not make the mistake that Bush winning was somehow mysterious. The Repubs had major victories in both the House and Senate. The people voted conservative this year...plain and simple.

That's actually not entirely true. People may benefit in a short-term but may lose big in a long term. A simple example: opening all national parks for logging and farming may benefit local population in a short term by providing jobs for several years... but will hurt them (and the entire nation) one generation later.
Now for a real-life example: I invite you to take a ride up here to Connecticut and take a swim in Naugatuck river... if you dare . It's a little better now, but just a few short years ago it was so polluted by all the factories in Naugatuck Valley that they say the river was glowing in the dark. Corporations benefited... local people had their jobs, short-term. We, one generation later, pay the price. That's the flip side of capitalist sytem for you.
It's really not ALL about jobs...

I completely agree DR as I explained why it would be difficult to get away.

However as a programmer you should know that if the source code has not been reviewed by an independent panel then they would be able to code it to do whatever they wanted it to do. That's really my only concern.

I absolutely agree. The source code should be "open sourced". The hardware could be provided by any vendor. The software on the other hand should be available for anyone to view. Closing the system invites tampering either internally or externally.

An "open source" code would open it up to hacker's much more easily. Opening the source code to the public means you are asking for it to be altered. However the code should be approved by a bi-partisan panel in the strictest of confidence.

I'm sorry, but I absolutely disagree.

I write no-fly code and watchlist crap for a lot of major airports. I can't go into the details of how it's written, but a major factor in how people are screened have everything to do with ethnicity. Not completely, but mostly.

The airports don't review my code so I don't purposely let bad guys in. They look at results.

So, if I were writing evoting code and even knowing what I know, there is no way on God's green earth I would know who I'm supposed to be looking for unless I knew WHO I was looking for. And even though I'm a simple hall-of-fame-world-class-anonymous-internet poster, I'm really good at what I do. And I can tell you, unequivocally, there is no way I could tell who the republican and democrat candidates are.

There is no way to get evoting equipment to vote for one party when each machine has no clue what the votes are for. Heck, the machines could be used to vote for the amount of sheep allowed for each acre of land not allowed for industrial use for all we know. The next week, it could be for president.

So, it terms of the source code, it's irrelevant. What matters, is reproducible results. And as long as the evoting machines have been in existence, and as long as the nutjob theories have been bandied about, the machines have been correct ONE HUNDRED PERCENT OF THE TIME. Never, has there been a factual error. There have been configuration errors and process errors, but never a factual error.

When the machines are built, they are continually audited. This means that the machines are put into election mode, an election is emulated, and specific votes are cast to make sure everything line up. That has been right every time.

When the machines are used in election, everything is the same, but obviously, real votes are used. But the audit votes are still cast. And again, there never has been a mistake.

This is what keeps it accurate - not allowing everybody with a computer and VBA experience to contribute. The results are no different. The results are what matter. And this election has vindicated evoting. There are far less over and under votes, there is no interpretation, and the recounts are easy (contrary to the evoting pimp claims). And so far, it is completely undisputed that evoting equipment was accurate this past election. Questions? Doubts? Of course. Evidence of inacurracy/fraud? None.

This "open - source" method is no different then the paper trail crap. People want a print out of their vote to verify their vote was recorded accurately because they don't trust the machines. But they somehow trust what is printed is the same as what was recorded - a laughable premise.

So, that gets discounted with the pen and paper method. Which is far worse because we get the bug-eyed Florida guy looking at a ballot asking if it's a number 2 pencil, an X or a check, fully within the boundaries of marking, etc.

So, then we're back to hanging dimpled pregnant chads.

The system works. The system works because there are very honest and hard-working democrat and republican officials making sure it's right. They can't make it perfect, but it's the best game in town.

My husband deals with sensitive computer networks..security wise for the US Army. They do have vendors who code junk up for them (and yeah a lot of it is junk ..and makes me miss my husband on the weekends) and my husband is the middle man ..the buffer between them and the system. He has the clearance and so he is the guy who actually installs the programs and fine tunes them...etc. They also ..I think the word is parse?..code to see if there are any hidden little uglies in them.

I agree with you that evoting is the best way to go. Also the results are a testament to it's accuracy.

It would be simple to code a program that could give 1 out of every 500 votes automatically to a certian candidate even if they did not know who that variable was going to so it wouldnt make much sense to do that. But that doesnt mean that it should not be a concern.

So did these "mock votes" account for 500 votes, 1000 votes? Thats why I believe the source code should be reviewed by a bi-partisan panel in the strictest of confidence. I certianly do not support it to become "open source".

Actually, DR, I'm alot more concerned about hacking the boxes rather than someone intentionally writing biased code. A computer is a computer is a computer. Anything which executes a general purpose instruction set can be reprogrammed to manipulate data in a malicious manner. Open source is one mechanism which can be used to "authenticate" that the data manipulation mechanism (that is, the program) is secure. Obviously, nothing is guaranteed. But, I do think there is alot of empirical evidence out there suggesting that closed source systems are more likely to be hacked than open source systems (as a ratio of deployment). In other words, holes in open source systems are found more quickly than in closed source systems. But, I don't want to get this debate derailed to an open vs. closed source polemic. Suffice to say, it's the public's money, the public's vote and the public ought to be able to see how their money is spent and their votes are counted.

As for the paper print out thing, I agree. It is possible to create secure, encrypted transactions for one's data. It is also possible to create a mechanism to authenticate such transactions after the fact without revealing the contents of the data itself. Paper is no better than a bank of redundant hard drives (actually worse). However, the Diebold voting machines and associated backend databasing do not have a particularly secure or robust authentication system (from what I've read). And since we're exchanging backgrounds, I've been working in this field for quite a few years as well. Even machines which are not connected to a network all the time can be hacked. Recall that viruses used to be passed via floppy. Buffer overflow exploits can be used manipulating onboard flash in the machine opening backdoors for secondary and tertiary exploits via more traditional means. Indeed there's alot about the Intel processor architecture itself which is fundamentally problematic from a security standpoint.

Finally, you make reference to e-voting being "proven" in this election. I'm sorry I just don't agree. As these machines are deployed, exploits will be found. If there is no serious attempt at data authentication, then we will never know that the data has been hacked.

This was an interesting post to look back at. If you look at the county results as posted on CNN right now, it still shows:
Muskegon Updated: 2:17 p.m. ET

Kerry 45,248 55% 100% of precincts reporting

Bush 35,943 44%

Nader 391 1%

Badnarik 134 0%

Cobb 111 0%

Brown 59 0%

Peroutka 53 0%

Thar is a total of 81,939 votes cast for President.

The official PollBook Total shows 80884 voters who voted in Muskegon County.

The current Secretary of State results for Michigan show:

Kerry 44,282 100% of precincts reporting

Bush 35,302

Nader 383

Badnarik 132

Cobb 109

Brown 54

Peroutka 51

The total of 80,313 votes cast for President in Muskegon County reflects the certified result in the County. I kept asking about the discrepancies between the posted votes at the state level and the local level. For my daughters birthday party, we rented a mansion that had been built in 1872 and restored. Among the other pictures posted in the house were photos of the owner with the Governor (Dem) as a guest in the home, and with both State Senators (Dems) among other dignitaries. I showed them printouts of the inflated vote counts at the state level, and within a few hours the Secretary of State's website had been updated...on November 16, 2 weeks after the election!

I also have two letters from the governor's office, thanking me for my interest and assuring me that the Secretary of State's current postings are now accurate. It had never occured to me to write the governor's office...

It is now December 1, nearly a month after the election, and the results posted on CNN still reflect the inflated results posted shortly after the election! While the certified results are recorded by the government bodies, as a general population, we tend to rely heavily on the news media. It was the media, after all, who felt that it was necessary to rush to publish the name of the winner within hours. That story having been decided, there seems to be no rush on their part to check the actual facts and update their records.

While that is the clearest and most plausible "threat", it gets back to the 10,000 co-conspirators theory. It would be very difficult, require many skilled programmers, and require complex logistics rig an election. One precinct would be tremendously difficult, but an entire state or country? In this area, it's hard enough to find people to work where I do for decent wages. I can't imagine how hard it would be to recruit highly skilled and educated programmers to perpetrate a felony on the order of treason.

As with the lack of witnesses, were the "recruiters" able to retain 100% of the hackers they approached? Meaning, how come one person hasn't come out and said they were solicited to hack the vote, but decided the potential jail time wasn't worth it? How much money do you think THAT story is worth?

Certainly, one person couldn't do it. The election was done in one day and the hackers would have to have figured out the modem logins via brute force methods to dial in a make alterations very quickly. But I'd be money the central tabulators don't even have the capability to respond to incoming calls. Why would they need to?

If that method wasn't used, it would be someone on the inside. People all over the United States would have to have unfettered access to the systems to hack into it from the inside.

I'm sorry, but these are just nutty ideas.

Technically, it's not impossible. Realistically, it's absurd. As stated in Nighttimer's post, it would take a conspiracy of epic proportions, 10,000 co-conspirators who won't talk, Murphy's law would cease to exist, and be a massive perfect crime. Possible? Yes. It' not impossible.

Is it possible for someone to hack into my bank account and take all my money? Yes..it's possible.

Is it possible for someone to hack into AmericasDebate, get our login information, and send steamy personal messages to other members of AD under our names? Yes...it's possible.

But realistically, these examples are absurd. It's simply too difficult and would take more time than it's worth. However, the "hackers" would have something on this order of difficulty to do all over the United States in a 12 hour period.

But, it even gets harder for them. No evoting equipment is connected to any type of network connection. The voting machines themselves have no keyboard, mouse, or any other type of input devices. They do not have modems, network cards, etc. Everything is loaded via a sealed and verified flash card. The central tabulator has a modem used to transmit results. That's the only external lifeline to the world.

I'm not going to compare braincells and skills in terms of programming as I'm sure I would be very unqualified when compared to other programmers here. I'm good at what I do, but it doesn't make me the best by a long shot.

But I need someone to tell me how you either get 10,000 skilled programmers/technicians unfettered access to voting systems, manually modify a database without software tools (and in some cases, no input device) and without corrupting the database (there are parity/sanity checks - you can't just modify a number without breaking something somewhere else), get it right 100% of the time (otherwise, there would be true evidence of fraud), and make sure not one person leaked one detail of this conspiracy...

...OR have 3 evoting companies (Diebold is only one of them) leave these types of vulnerabilities that could be exposed by anyone wanting to hack into their systems.

That would be a sure stroke of genius. Three evoting companies investing 100's of millions of dollars into a technology only to have it come undone by some snot-nosed 12 year old.

If we're going with these types of ideas as being plausible, how come Bin Laden isn't using them? I mean, if a computer is a computer is a computer, why not have these same type of people hack into aircraft computers and have them fly themselves into buildings? Who's checking that code to make sure it isn't programmed to do that? Should that be open source?

There were problems this election. People should not have to wait 90 minutes to vote. People should not be intimidated. I'm sure some tried to cheat. But these issues can be improved with technology. We can't get there because we have these type of ridiculous notions in front of people scaring them. So, the improvements come slower.

I've told Bev Harris right to her twisted face (on a message board somewhere else) she is HURTING this cause. She has her mind made up that pen and paper are the only way to have an election. If we had to wait for people to write out their ballots, how long do you think those lines would have been where people were already waiting 90 minutes? How many votes do you think would get thrown out because of pensmanship, wrong pencil, no pencils, over and under voting, checks versus filling in the circle, and the multitude of things available to screw up a perfectly good vote. we'd be back to devining the intent of a voter because he/she has crappy handwriting skills. Let's not even get into the problem disabled people would have.

She could be part of the solution by leading a watchdog group to make sure the election standards are implemented and followed religiously. She could help by pointing out potential problem areas.

But she's not. She is getting this equipment removed by repeating these bullcrap theories we've been talking about here. She is the de-facto leader of the voting fraud movement and has successfully had equipment REMOVED from precincts that don't want to go through the lawsuits she files.

Diebold could be evil. Sequioa could be evil. ES&S could be evil. Either would do anything to put their competitors out of business. But put themselves out of business?

All of this defies common sense. It's Occams Razor. With all things being equal, the simplest explanation is usually the correct one. And here, the simple explanation is, Bush got more votes than Kerry. I don't see how and can't understand why, but that's the fact. The dems need to put up someone a lot better if they want to win. How about using that energy to field a better candidate instead of chasing windmills?

DR, hacking a system is not as difficult as you are saying. Here are some possible entry points:

1. Hack repository where the code is stored for the Diebold machines. If this repository is unsecured, then the machine code be modified in malicious ways. If anything entering the Diebold machine gets compromised, then anything which exits can be compromised (viral spreading).

2. Hack code which downloads the Diebold machine code onto the flash card. If this were modified, some sort of malicious exploit could piggyback.

3. Hack code which uploads data from the flash cards to the database server.

4. Hack the database server. Create zombie processes to do 1-3.

5. Hack the database itself.

None of these techniques require 10,000 programmers as you suggest. Indeed one programmer could do this. Here's the thing. The larger the program is, the higher the chance of security holes in it.

Am I saying that this what was done for this election? No, I do not believe it was. Nevertheless, the more complex the tabulation scheme is, the higher the chance of discovering flaws in it. The fact is: a computer is more complicated than other types of tabulation mechanisms.

Finally, keep this in mind. We have an ever increasing problem with viruses, worms, trojans and other types of malware. Most of the systems being compromised offer no real "prize". Manipulating the election process on the other hand is a real "prize" and thus it is inevitable that there will be hacks in the future.

The "nutty ideas" as you are so fondly putting it are reality today just perhaps not with electronic voting, but it will happen. It is possible to protect from exploits by authenticating both the code and the data. Again, I don't want to get into debate on the "open source" vs "closed source" thing. But just consider this: the most successful and secure things in software have been open standards for everyone to use. It tends to be in everyone's best interest to insure those open standards are secure, reliable and can be authenticated.

I found that the Official Election Results from my county did not jive with the unofficial results posted at the Michigan Secretary of State web page. There were over 1000 more votes shown for President than voters. It took two weeks of asking, e-mailing, writing letters, and eventually saying something to the right person. I am satisfied that the official vote posted at that site now reflects the actual vote results. Today I happened to glance back at a CNN web site carlitoswhey had referred me to earlier. I was surprised to find that four weeks after the election, it still showed the unofficial results that had been posted on Election Day.

I thought, let's look at the Official Results for Florida and Ohio, and see how they compare to the posted votes on CNN...

It's going to take some digging to find out how to read the Florida Web Page.

The "Historical Election Data" link from the Ohio Secretary of State web site is still showing "unofficial results." A month has passed since the election! If we're supposed to "LET IT GO and move on," it would be nice to know that we're looking at some actual results instead of:


We have a right I would think, as voters, to have our votes counted and recorded by the appropriate election officials. Instead, results are being reported by the media; and having reported the results and declared a winner, they have absolutely no incentive to verify their results. Kerry has conceded, after all, so the election is no longer a story. Sadly, it would appear that our Secretaries of State are equally willing to let the story lapse once the media have won their race to declare a winner.

Maybe it is a waste of time, but how do the official Election Results from your County compare to those posted at your state web sites, and the numbers posted at CNN, NBC, CBS, ABC, FOX, A&E, and the Sci-Fi channel? It would be sad if the race to declare a winner was won with erroneous numbers and no one ever went back to discover that the reported numbers were wrong because we were fighting over the technical feasibility of a computer fraud.


CNN's exit polls in Michigan showed that you were most likely to vote for Bush if you were a white male, attended church on a regular basis, had a college degree, and earned over $100,000 per year. While that doesn't describe the general population; it probably describes well, most of the talking heads on the networks. It wouldn't take 10,000 anchormen to change the outcome of an election, just the first one to count to 270 Electoral College votes. Yhe others need only say, "This just in, XYZ network has now declared a winner. It's been a long day, and we're going home..." It takes time to get official Election Results, but what value are they if we never read them because we already know who won?

Maybe your idea could be created by 1 programmer, but it would still need to be implemented by 10,000 people with the savvy to get it onto all those machines and configure them to favor whatever issue is being voted on (the machines are generic - you can get them to record votes for padded toilet seats if you want). No machine is interconnected with another. They do not share a network connection (and especially not an internet connection) and most don't even have input devices other than the touchscreen.

This is the least plausible method to skew the vote as it would be almost impossible to implement at one precinct - let alone 10,000 of them.

Furthermore, it would have to favor a vote at a very low rate as not to obviously skew the numbers, but get all the audit votes correct. This would be the least effective way to rig an election with the highest risk of getting caught. Oh yeah, and you'd have to get this to work on several different manufacturer's equipment.

It just can't happen. We have controls in the process enforced by people of all parties making sure this type of thing can't happen. Could it happen one place? Maybe. Then again, there's nothing to stop an official from reporting a made-up number in some areas. But that doesn't happen on a systematic scale. And the more we try to justify how all these cynical ideas could happen, the longer it takes to get all votes counted more accurately, because we'll be using punch cards longer.

I agree that hacking the Diebold machines themselves is the most difficult technique. However, hacking the databasing and collection of that data is much, much easier. I disagree though that it would take 10,000 to do the former plan. All you need to do is rig the software which downloads the software for the Diebold machines themselves. You can create a replication scheme which would spread over time. You don't need people to do this. It is also a fallacy to believe that you need a network connection to propagate malware. If there's a way for data to get in and a way for data to get out, then there's a way for malicious code to be introduced. A network is unnecessary, or, more accurately, people moving data around on flash cards is a type of network. You're falling into the same mindset trap of the paper trail folks by believing that there is any substantive difference.


I agree that all this would have to be the case. However, you don't have to hack the voting machines themselves, you could hack the databasing system where the votes are collected. You could hack the software which downloads the votes from the flash to the database. There are many ways in which this stuff can be exploited.


You seem to be under the misapprehension that I'm against electronic voting. Quite to the contrary: I am for it. What I'm against is having no way of authenticating the software used to collect votes, download the votes, and database the votes. I'm against not knowing the process by which the voting machines are patched or upgraded, how the utilities which support the whole voting process are managed or coded.

Finally, you seem very sure that hacks can't happen. I must disagree. I believe hacks will happen. The question is whether or not we can detect them happening and once detected do we know the particular bits which have been compromised. This is what authentication is all about. We lock our doors to our homes but keep track of our stuff so in case it is stolen, we will know what's missing.

That is absolutely incorrect, there are numerous examples in this thread alone and I'm sure I could provide you with mountains of other examples if I researched it a little bit.

We have had machines that:
- Did not cast the correct vote based on touchscreen input, sometimes numerous times
- Overvotes (i.e. more votes counted than registered voters exist)
- Lost Votes (i.e. 4000 votes just disappear)

Who knows what else has gone wrong? You are very quick to write off the people finding these discrepancies as "tin foil hat wearing Bev Harris worshippers" but in fact they are performing a valuable service finding the flaws that government agencies chose not to take the due diligence to do. Diebold and others were so interested in getting to market first and making money that no one really thought this whole thing through, they didn't test it thoroughly and for the past year or so we have had numerous instances reported where the machines have failed and sometimes reports of state governments taking these companies to court. Please note - state governments, not tin foil hat wearing conspiracy theorists. From my experience in the IT industry it sounds like the typical problems with a software product that is rushed to market without proper design and testing, and I have been saying it for quite some time now, go back and check the original electronic voting thread.

In a lot of cases these errors were caught and fixed, but your assertion that there have been no mistakes and the machines have performed flawlessly is absolutely without a doubt 100% FALSE. Were they due to hackers, bad code, bad process? No one really knows because again no one is really taking this investigation seriously except for the one person you seem to despise - Bev Harris. If we don't make a serious effort to find out why these problems occurred then we are doing ourselves a huge disservice.

In my opinion this isn't about whether Kerry won or lost, he lost and I have accepted that. But I refuse to accept technology for technology's sake and just "trust" these companies and the government with no independent verification, no audit trail and most importantly no election (of any kind) without mistakes. Are other voting methods prone to mistakes? Sure. That however, is irrelevant because you claim these machines are perfect and they clearly are not. If this is to be the new technology then we owe it to ourselves to do it right. America needs to have confidence in elections and right now I don't have very much, nor do a lot of people after the past two elections.

All your concerns in terms of authenticating the software is not transparent. The election commision dictates the standards, verifies the software, certifies it, and implements the process. The only thing the evoting companies keep proprietary is the source code. In fact, the FEC doesn't even get the software from Diebold. It gets it from the Independant Testing Authorities (ITA). They shake it down so there is no chance votes could ever be miscounted.

Throughout Election Day, election judges match the number of votes cast on the voting units against the total number of voters who entered the polling place to vote. Any discrepancy will be noted. Post-election auditing is included in the Canvass process. Prior to the Election, the local board identifies 10% of the precincts that will be audited. One hundred percent of the memory cards are re-run through the accumulation process and compared to the Election Night. The votes cast on each voting unit (public counter) are compared once again to the number of Voter Authority Cards signed by the voters who came to the polling place and cast their votes on the ballot. The individual totals tape from each unit will be matched to the memory cards for each unit for the precinct

There is just no-way no-how to fool this system unless everybody involved was part of the fraud effort.

Curmudgeon, I've been thinking about your posts. Think of the election as a golf tournament. There are 50 holes (states). There are two ways to score - total strokes (like par = 72) or "skins" like was on TV last weekend. Our electoral system is a skins game. Coming down the Michigan fairway, Bush was in a sand trap and Kerry had a 3 foot put for par. So Bush said "that one's good, it's a gimme." He concedes the hole. Kerry wins Michigan. Stop counting at the end of the night, go home.

In Ohio, Kerry conceded, because he saw that Bush had a one-inch putt and a 130,000-vote putter. (OK, maybe it's not the best analogy after all) In any case, I think that indeed it is a waste of time to "count every vote." It may sound nice to say it, and Jesse Jackson can rhyme it with something, but it accomplishes exactly nothing. Network news did not concede the vote; common sense did.

While I suppose it would be 'better' if each and every vote in each and every county were posted on a website, the reality is that it just doesn't matter. When a state is won, it is won. Why in the world would we go through 50,000 provisional ballots, using state employees, if the margin of victory is 250,000. What would be the purpose? What is going on in Ohio is a complete waste of time and effort. Those seeking perfection are likely not to find it in state or local government. Even Lexus and Mercedes have defects, and these products are actually driven to be superior by market forces. Gov't has no such incentive, and will bumble along providing adequate minimal service given cost constraints in most cases. And in most cases, it's good enough. Like in Ohio, except for nighttimer's 90 minute wait.

It had nothing to do with the machines. All of it was human error.

Workers forgot to turn the machines on in time, so people couldn't vote when the polls opened. That's one.

Didn't properly record Spanish votes. Somebody was doing a demo without a certified template. It actually recorded the vote, but not where it was expected.

These are examples of issues blamed on machines, but groundless. The problems with the machines have been hardware problems: touchscreen not working properly, bad flash cards, etc. Not unlike problems with optical scanning equipment. There's nothing new or unique about these types of problems.

And I never even implied that the machines worked 100% flawlessly. That's impossible. A non-machine system couldn't do that. What I DID state, was that no machine has ever made a factual error in recording a vote. Bev Harris is still looking for them (factual errors - meaning, a fraudelant vote) when she's not cashing her donation checks.

First, I have to disagree with your statement that "the most secure things in software have been open standards for everyone to use". That is patently incorrect. The most secure things in software have been completely closed and isolated, with no external access whatsover. You can't hack what you can't access. With that in mind...there is no mention of ability to access in any of your scenarios. This is a huge omission, as it ignores the most important part of the security of the system. With that in mind...could you provide any reasonable scenarios in which someone would have have the necessary access to perform the hacks you mention, and also how the normal double-entry accounting (which would require a different access point and security credentials) wouldn't catch it?

When you write "completely closed and isolated", what exactly do you mean? The whole point of computation is to take a bunch of inputs, process them, and give you a bunch of outputs. To be "completely closed and isolated" means don't take any inputs and don't give any outputs. If anything is "patently incorrect", then I'd have to say your view of isolation in computation is.

However, perhaps, you mean that access to the inputs and access to the outputs is tightly managed. Perhaps, you mean that the program which processes those inputs and gives you the outputs is tightly controlled. Perhaps, this is what you really mean. I'm not sure. Perhaps, you could define what it is you mean when you write "completely closed and isolated".


The buffer overflow exploit is the most common mechanism for getting access to a system. It simply consists of using unintend input mechanisms to overwrite the loaded code with the code you desire to execute. When I was a whipper-snapper, I (sheepishly) admit that I've done exactly that. Port probes on unsecured networks can allow installation of zombie processes which can be used to probe for access further in the network. Eventually access can be found given enough time and a clever enough software design. Obviously, not just anyone can do this but to be honest it isn't all that difficult given the inclination. And no matter what type of network you have, be it "IP" or "sneakernet", it only takes one lapse in security to deliver a payload of replicating malware.

There are examples of closed source software doing a good job protecting the data. Yet, the banking system has secured protocols which are standardized and open. These protocols are hacked from time to time but there is good authentication to detect discrepancies in the data. The motivation for protecting this data is very, very strong since it is money involved. Banks are in the business of transferring money (with a cut). Yet, even money transactions are hacked. There is no equivalent concept with votes. Unfortunately, this means the motivation for protecting votes is simply not as strong as that for protecting money. It takes money to secure a system and votes while important are simply not money.

Again, I don't want this to be a polemic on open source vs closed source, but I do have some experience being on both sides of the security fence. Any system can be compromised given enough time and inclination. We still need to lock our doors but it is vital that we track of what precisely we're locking inside those doors, otherwise we'll never know what's been taken.

You guys obviously know more about programming than I, but I think DaytonRocker's point was, "it's not a network." It's a machine in a room, just like a box of votes would sit in a room. You could stuff the box, but you might get caught. You could mess with the machine, but you might get caught. How does e-voting make this different, other than it won't lose a bunch of votes to hanging chads. And if the precincts are NOT networked together, doesn't it still take one hacker per precinct to gain access to the machines?

The most common form of network until recently is known as "sneakernet". It consist of a person wearing shoes (perferably sneakers) holding a piece of storage technology (like a disk or flash card) downloading and uploading data between 2 or more data processing systems (computers).

Gotcha. So, if Franklin County, Ohio has 780 precincts and about 700,000 registered voters, for the flash card hacking to work, let me know if I have this right:
- 1560 sneakers, with each pair attached to one of 780 election judges
- These election judges are recruited, trained in hacking, provided equipment and somehow compensated by political operatives, maintaining complete secrecy
- They all have managed to be screened and hired as election judges
- Despite heavy voter turnout, they manage to send the other judges off to go buy popeye's chicken while they mess with the flash cards
- All of this to skew the total Ohio vote count by a number large enough to affect the election but so small that it wouldn't be noticed when randomly audited?

No, only one "sneaker" would need to be compromised for your scenario to work. Payload is delivered to vote processing system which then proceeds to corrupt the data on the server side. Alternatively, you could infect the software which "cleans" the flash or the software which downloads the patches for the voting machines themselves. You could infect the system which manages the uploads of the vote data or even infect the database transaction system. You could do any number of hacks to do interesting things to either the data or to the code which collects or processes that data at any point in the chain. Keep in mind that the voting machines are but one piece of the entire network of the voting system. In computer network parlance, you can infect the data plane or the control plane on either the client or server sides of the front end or back end applications. This malware could replicate into other systems and need not be "active" until secondary or tertiary infections occur depending on the requirements.

Even though I do this for a living: if I can think of it, anyone can think of it. Familiarity with the systems helps but is not required as some of these exploits use brute force techniques. Also, I suspect the first types of attacks we'll start seeing will not have an "agenda" rather they will be done just for the thrill of it. Again, the best solutions I have seen to avoid malware attacks is to offer both security and authentication.

The analogy to a golf game is meaningless to me as I have yet to pick up my first golf manual to learn the basic rules of the game.

When I started posting in this thread, I was responding to:

My thought process was, if there is widespread fraud, it will be as likely to show up in places where Kerry won as where Bush won. So, I looked at the county where I lived. I discovered that the posted results in Lansing showed more votes for President in my County than voters who had voted in my County. I'm sorry, but "1 man, 1.04 votes" is not the acceptable ratio. Something was rotten in Denmark, and I posted it as such. A week later, with the addition of provisional voters, there were perhaps another 700 voters counted, but fewer votes actually counted for President. It took an additional week for our Republican Secretary of State to post official results. This morning, an additional two weeks later, I learned that the results posted on CNN still show over 1,000 more votes cast for President in this County than the actual number of voters who voted. That does not give me personally, a great deal of confidence in any results I see on CNN.

My only request for a hand recount of all the election results was as a challenge in Defending the Indefensible. Right now we "know" that George W. Bush won the election in Ohio because CNN told us so. Ohio's Secretary of State was on Crossfire this evening, where I learned that he was in charge of George W. Bush's campaign in Ohio, and that he is in no hurry to certify the results for his state. Go to the web site titled: Ohio Secretary of State: Election Results and you get:


Yes, that's right, a month after the election is over and the web site is still promising "Visit this site on election night, November 2nd, and watch Ohio general election results here." I had my 11 year old daughter to read it over and give me her opinion... It was apparent even to her that this was not an adequate job of reporting the results.

It has been argued here that it would take one lucky 12 year old hacker or 10,000
well co-ordinated programmers to hack the election. My personal experience? In 1973, I entered data onto a data entry sheet as a clerk, and mailed it to the key-punch dept. I learned that I could change the format of the reports I received by altering the way that I asked for the data to be entered. It also altered the results that my department's accountant received, and that's how I learned the department had an accountant. I have no reason at all to doubt that a sub-routine program could be written that was activated by casting a straight party Republican vote with a vote for Ralph Nader for President as well. After all, hasn't the mantra been "A vote for Ralph Nader is a vote for George W. Bush?"

CNN decided which states had been won by whom and declared a winner. I was watching absentee ballots being counted until 2:30 AM on the 3rd of November. When I emerged from that room, I was told that they were still counting votes throughout the rest of that County. We had at that point no unofficial results to report from that County, but we were told that CNN had reported that George W. Bush had won the election. What I am asking is simple enough, that the vote count be reported by the appropriate election officials before we decide which candidate has won which state. If the rush to decide the winner before the votes were counted resulted in a rush to bad judgment; we the voters should still be entitled to know the actual Election Results as determined by the government employees with no incentive, who bumble along providing adequate minimal service given cost constraints in most cases.

In the 2,000 election cycle, I am told that the person who actually decided George W. Bush was the winner in Florida was a cousin who worked for Fox news. This country is still a Democracy. Yes, our concept of who we are, and our part in the world is shaped by the media as never before in our history. That does not mean that we need to concede our choice of a leader to a talking head with the Chutzpah to jump in with both feet and cry "My man won!" before he leads a parade of non-questioning reporters to Washington to watch a coronation...

Certainly...on a closed (or no) network, thereby preventing unauthorized people from accessing the system at all (most 'hacking' being done to systems that are connected to the Internet, thereby providing easy, and unobserved, access to at least allow attempts at hacking.




These are both examples of systems that are open on the network. Voting systems have no need to be on the network. It's not a matter of closed source vs open source...it's one of closed access vs. open access. You can't hack a system unless you're physically attached to it. Might it still be possible to do right in the voting center? Sure...but that greatly reduces both the time, and, given the location, probably the inclination.

Further, as I have said in the other electronic voting threads...these machines don't need to be perfect...they just need to be better than what we have. I can think of a far greater number of ways to compromise the current system than I can an electronic one...it doesn't take a computer guru to stuff a ballot box.

I enjoy our conversation, but "you are told" how this election was "decided" by a delusional filmaker, and it is not true. Moore apparently had no problem with "Bush's Cousin" while he was calling elections for Bush I and Clinton I & II at the NBC election desk for years... From the complete debunking of F-9/11 available here. My emphasis added.

The media did not coronate a king. VNS exit polling was flawed in 2000, and they tried to improve it for 2004, including making sure that people did not call states early. Remember, Fox News, the alleged conspirator here, actually called Florida early for Gore in 2000, costing George Bush votes in the Panhandle. This was remedied somewhat for 2004, which is why no one called Ohio despite the huge vote margin.

How something is manufactured is one thing. How it is installed or implemented can be another.

I just came back from just short of 6 weeks in New York where I converted Diebold alarms in banks to Radionix systems.

Now I am assuming DIEBOLD is a parent company of the Diebolt system since that company was also the one installing the vaults and was founded in 1959. Not wanting to leave it with a such an assumption I pulled this off their web site:

source

Maybe Diebolt was simply the name of the security system and vault equipments. I am not completely certain.

Anyway, like I said I just pulled out dozens of those systems. If the workmanship on those alarms is any indication of the workmanship of DIEBOLD employees in general then I would DEFIANTLY be concerned about these voting machines.

I will not go into detail accept to say that many banks thought they had things secured that due to poor installation, and some outright horrible jury-rigging, they actually had no protection at all.

That being said, it would seem to me to be reasonable to suggest that we have the best possible ability to audit these systems as we possibly can. To me, that would seem to be open-source AND a skilled non-partisan (or more realistically bi-partisan) body to continually audit this equipment.

This way the Auditors can audit the systems and the people (at least those with programming skills) and effectively audit the auditors.

Millions upon millions of ATM transactions daily--complete with receipt of transaction on paper-COMPLETE with the ability to instantly verify the transaction with a quick check of your account over the internet OR the Phone
and our governement is unable to provide any way to check how the voting on the Diebold machines went?????

In the year 2004 we still have How many different ways of voting in this country?
There should be one method--with a way to verify the result.
You should be able to walk out of there with a receipt--there is No excuse for this not being possible.

Any logical human being would think Americans would want to be sure of the sanctity, the validity of their elections.

And as for the cost--please spare me the whining--this is our democracy?
What is more important than that.

It's interesting to note that Diebold is the maker of a great many of those machines. It would seem to me, they should know how to get a receipt printed.



The one problem with this is that Elections, or more to the point how we elect, is NOT controlled, or funded nationally. It is handled by election boards, who are roughly at county level. So each individual area is addressing it as they choose. And the cost is a real concern because, unless federal grants are given, it can only be paid for by a new tax of some sort (certainly not a poll tax), from existing property tax revenues, or by raising property taxes.

Of course, it could be paid for in spades if they addressed the waste fraud and abuse at all levels of government, but that is (sadly) probably the mother of all pipe dreams.

I for one, and not sure I want elections controlled on the national level. There is only one office in the country that everyone in the nation votes on. Even at the state level there are only a handful of offices that everyone in that state votes for.

I always prefer local control over state and especially federal control. What we need, is a set of standards of some sort for people to see as the milestone that they should have access too. Then the people in each area need to hammer on their election boards and local government to make it happen.

Many election boards (if not all) are elected positions. If you can't get results, vote the bums out.

control can be preserved at the local level. However there is no reason for varying methods of vote counting--especially methods that lead to human error and take weeks to perform in many cases. That should only happen during a recount.

As for the funding--I am sorry but as someone who will always be for less tax I cannot seriously beleive Americans would actually complain about the costs with ensuring an accurate and verifiable election result.

There should be NO doubt as to the truth of how people voted.
There must be a failsafe method of verifying the vote--or real world the chances of tampering must be in the very minor percentage.-- I have no faith in the Diebold machines. Doesn't matter though because IT cannot be verififed anyhow.

At the very least there should be absolutely NO connection between the makers of the equipment and ANY political party. Diebold has provided plenty of reason to have suspicions.

Are you seriously comparing some possibly 150 year old bank alarms that where made by who know's who to some electronic voting machine's that uses simple proven programming laungage that where made last year?



If they have been in business this long and supply ATM machines across the country they must have done something right.

But how do you have local control if you are required to only do it one way, with one type of equipment. I understand your sentiments, I just don't see how local control can be maintained unless the localities are allowed to make their own choices.

.

Chris, you and I both know that when one has a family, but earns little, one can only find so much to pay their bills with. Property taxes are the most regressive tax we have. The working class poor, who own homes very well could feel that food on the table is more important then having the best accuracy they can have on election night. You can't eat idealism.



I won't argue with this idea, I am not sure it's really possible, but I certainly support the sentiment.



I am comparing an alarmed manufactured by them, installed by them and up until 2 months ago MAINTAINED and UPGRADED by them to machines made this year, yes.

My post complained about the workmanship of the installation. I should have included the maintenance of the system, but I saw that as a given, not really considering the fact that most people here don't work in my industry. my goof.